20161015

STOPエラー Bug Check Code ブルースクリーンエラー

STOPエラー ブルースクリーンエラー

 Bug Check Code (WinDbg : 10.0.10586.567)

 OS Windows XP , Windows Server 2003 R2 , Windows Vista , Windows Server 2008 , Windows 7 , Windows Server 2008 R2 , Windows 8 , Windows Server 2012 , Windows 8.1 , Windows 10

 Blue Screen Data When Microsoft Windows encounters a condition that compromises safe system operation, the system halts.
This condition is called a bug check.
It is also commonly referred to as a system crash, a kernel error, or a Stop error.

 STOP: 0x0000008E (0xC000001D, 0xBF9E797C, 0xF7B379DE, 0x00000000)
 Example STOP : ==== 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 0x09 0x0A 0x0B 0x0C 0x0D 0x0E 0x0F 0x10 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19 0x1A 0x1B 0x1C 0x1D 0x1E 0x1F 0x20 0x21 0x22 0x23 0x24 0x25 0x26 0x27 0x28 0x29 0x2A 0x2B 0x2C 0x2D 0x2E 0x2F 0x30 0x31 0x32 0x33 0x34 0x35 0x36 0x37 0x38 0x39 0x3A 0x3B 0x3C 0x3D 0x3E 0x3F 0x40 0x41 0x42 0x43 0x44 0x45 0x46 0x47 0x48 0x49 0x4A 0x4B 0x4C 0x4D 0x4E 0x4F 0x50 0x51 0x52 0x53 0x54 0x55 0x56 0x57 0x58 0x59 0x5A 0x5B 0x5C 0x5D 0x5E 0x5F 0x60 0x61 0x62 0x63 0x64 0x65 0x66 0x67 0x68 0x69 0x6A 0x6B 0x6C 0x6D 0x6E 0x6F 0x70 0x71 0x72 0x73 0x74 0x75 0x76 0x77 0x78 0x79 0x7A 0x7B 0x7C 0x7D 0x7E 0x7F 0x80 0x81 0x82 ==== ==== 0x85 ==== ==== ==== ==== ==== 0x8B ==== ==== 0x8E 0x8F 0x90 ==== 0x92 0x93 0x94 ==== 0x96 0x97 0x98 0x99 0x9A 0x9B 0x9C ==== 0x9E 0x9F 0xA0 0xA1 0xA2 0xA3 0xA4 0xA5 ==== 0xA7 ==== ==== ==== 0xAB 0xAC 0xAD ==== ==== ==== ==== ==== ==== 0xB4 ==== ==== ==== 0xB8 0xB9 0xBA 0xBB 0xBC ==== 0xBE 0xBF ==== 0xC1 0xC2 ==== 0xC4 0xC5 0xC6 0xC7 0xC8 0xC9 0xCA 0xCB 0xCC 0xCD 0xCE 0xCF 0xD0 0xD1 0xD2 0xD3 0xD4 0xD5 0xD6 0xD7 0xD8 0xD9 0xDA 0xDB 0xDC ==== 0xDE 0xDF 0xE0 0xE1 0xE2 0xE3 0xE4 ==== 0xE6 0xE7 0xE8 0xE9 0xEA 0xEB 0xEC 0xED ==== 0xEF ==== 0xF1 ==== 0xF3 0xF4 0xF5 0xF6 0xF7 0xF8 0xF9 0xFA ==== 0xFC 0xFD 0xFE 0xFF x100 x101 ==== x103 x104 x105 x106 ==== x108 x109 x10A ==== x10C x10D x10E x10F ==== x111 x112 x113 x114 x115 x116 x117 ==== x119 x11A x11B x11C x11D ==== ==== ==== x121 x122 ==== x124 ==== ==== x127 ==== ==== ==== x12B x12C ==== ==== ==== ==== ==== ==== x133 ==== ==== ==== ==== x138 x139 ==== ==== ==== ==== ==== ==== ==== ==== ==== ==== x144 ==== ==== ==== ==== ==== ==== x14B ==== ==== ==== ==== ==== ==== ==== ==== ==== ==== ==== ==== ==== ==== ==== ==== === x15D x15E ==== 0x1000007E 0x1000007F 0x1000008E 0x100000EA 0xC0000218 0xC000021A 0xC0000221 0xDEADDEAD

 Bug Check 0x1:
APC_INDEX_MISMATCH The APC_INDEX_MISMATCH bug check has a value of 0x00000001. This indicates that there has been a mismatch in the APC state index. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The address of the system function (system call) or worker routine. 2 The value of the current thread's ApcStateIndex field. 3 The value of current thread's CombinedApcDisable field. This field consists of two separate 16-bit fields: (Thread->SpecialApcDisable << 16) | Thread->KernelApcDisable. 4 Call type (0 - system call, 1 - worker routine). Cause The most common cause of this bug check is when a file system or driver has a mismatched sequence of calls to disable and re-enable APCs. The key data item is the Thread->CombinedApcDisable field. The CombinedApcDisable field consists of two separate 16-bit fields: SpecialApcDisable and KernelApcDisable. A negative value of either field indicates that a driver has disabled special or normal APCs (respectively) without re-enabling them. A positive value indicates that a driver has enabled special or normal APCs too many times. Remarks This is a kernel internal error. This error occurs on exit from a system call. A possible cause for this bug check is when a file system or driver has a mismatched sequence of system calls to enter or leave guarded or critical regions. For example, each call to KeEnterCriticalRegion must have a matching call to KeLeaveCriticalRegion. If you are developing a driver, you can use Static Driver Verifier, a static analysis tool available in the Windows Driver Kit, to detect problems in your code before you ship your driver. Run Static Driver Verifier with the CriticalRegions rule to verify that your source code uses these system calls in correct sequence.
 Bug Check 0x2: DEVICE_QUEUE_NOT_BUSY The DEVICE_QUEUE_NOT_BUSY bug check has a value of 0x00000002. This bug check appears very infrequently.
 Bug Check 0x3: INVALID_AFFINITY_SET The INVALID_AFFINITY_SET bug check has a value of 0x00000003. This bug check appears very infrequently.
 Bug Check 0x4: INVALID_DATA_ACCESS_TRAP The INVALID_DATA_ACCESS_TRAP bug check has a value of 0x00000004. This bug check appears very infrequently.
 Bug Check 0x5: INVALID_PROCESS_ATTACH_ATTEMPT The INVALID_PROCESS_ATTACH_ATTEMPT bug check has a value of 0x00000005. This generally indicates that the thread was attached to a process in a situation where that is not allowed. For example, this bug check could occur if KeAttachProcess was called when the thread was already attached to a process (which is illegal), or if the thread returned from certain function calls in an attached state (which is invalid), This bug check appears very infrequently. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The pointer to the dispatcher object for the target process, or if the thread is already attached, the pointer to the object for the original process. 2 The pointer to the dispatcher object of the process that the current thread is currently attached to. 3 The value of the thread's APC state index. 4 A non-zero value indicates that a DPC is running on the current processor. Remarks This bug check can occur if the driver calls the KeAttachProcess function and the thread is already attached to another process. It is better to use the KeStackAttachProcess function. If the current thread was already attached to another process, the KeStackAttachProcess function saves the current APC state before it attaches the current thread to the new process.
 Bug Check 0x6: INVALID_PROCESS_DETACH_ATTEMPT The INVALID_PROCESS_DETACH_ATTEMPT bug check has a value of 0x00000006. This bug check appears very infrequently.
 Bug Check 0x7: INVALID_SOFTWARE_INTERRUPT The INVALID_SOFTWARE_INTERRUPT bug check has a value of 0x00000007. This bug check appears very infrequently.
 Bug Check 0x8: IRQL_NOT_DISPATCH_LEVEL The IRQL_NOT_DISPATCH_LEVEL bug check has a value of 0x00000008. This bug check appears very infrequently.
 Bug Check 0x9: IRQL_NOT_GREATER_OR_EQUAL The IRQL_NOT_GREATER_OR_EQUAL bug check has a value of 0x00000009. This bug check appears very infrequently.
 Bug Check 0xA: IRQL_NOT_LESS_OR_EQUAL The IRQL_NOT_LESS_OR_EQUAL bug check has a value of 0x0000000A. This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Memory referenced 2 IRQL at time of reference 3 0: Read 1: Write 4 Address which referenced memory Cause This bug check is issued if paged memory (or invalid memory) is accessed when the IRQL is too high. The error that generates this bug check usually occurs after the installation of a faulty device driver, system service, or BIOS. If you encounter bug check 0xA while upgrading to a later version of Windows, this error might be caused by a device driver, a system service, a virus scanner, or a backup tool that is incompatible with the new version. Resolution If a kernel debugger is available, obtain a stack trace. To resolve an error caused by a faulty device driver, system service, or BIOS Restart your computer. Press F8 at the character-based menu that displays the operating system choices. Select the Last Known Good Configuration option from the Windows Advanced Options menu. This option is most effective when only one driver or service is added at a time. To resolve an error caused by an incompatible device driver, system service, virus scanner, or backup tool Check the System Log in Event Viewer for error messages that might identify the device or driver that caused the error. Try disabling memory caching of the BIOS. Run the hardware diagnostics supplied by the system manufacturer, especially the memory scanner. For details on these procedures, see the owner's manual for your computer. Make sure the latest Service Pack is installed. If your system has small computer system interface (SCSI) adapters, contact the adapter manufacturer to obtain updated Windows drivers. Try disabling sync negotiation in the SCSI BIOS, checking the cabling and the SCSI IDs of each device, and confirming proper termination. For integrated device electronics (IDE) devices, define the onboard IDE port as Primary only. Also, check each IDE device for the proper master/subordinate/stand-alone setting. Try removing all IDE devices except for hard disks. If the message appears during an installation of Windows, make sure that the computer and all installed peripherals are compatible with the version of Windows being installed. For example, you can get information about compatibility with Windows 7 at the Windows 7 Compatibility Center. Here is a debugging example: kd> .bugcheck [Lists bug check data.]
Bugcheck code 0000000a Arguments 00000000 0000001c 00000000 00000000 kd> kb [Lists the stack trace.] ChildEBP RetAddr Args to Child 8013ed5c 801263ba 00000000 00000000 e12ab000 NT!_DbgBreakPoint 8013eecc 801389ee 0000000a 00000000 0000001c NT!_KeBugCheckEx+0x194 8013eecc 00000000 0000000a 00000000 0000001c NT!_KiTrap0E+0x256 8013ed5c 801263ba 00000000 00000000 e12ab000 8013ef64 00000246 fe551aa1 ff690268 00000002 NT!_KeBugCheckEx+0x194 kd> kv [Lists the trap frames.] ChildEBP RetAddr Args to Child 8013ed5c 801263ba 00000000 00000000 e12ab000 NT!_DbgBreakPoint (FPO: [0,0,0]) 8013eecc 801389ee 0000000a 00000000 0000001c NT!_KeBugCheckEx+0x194 8013eecc 00000000 0000000a 00000000 0000001c NT!_KiTrap0E+0x256 (FPO: [0,0] TrapFrame @ 8013eee8) 8013ed5c 801263ba 00000000 00000000 e12ab000 8013ef64 00000246 fe551aa1 ff690268 00000002 NT!_KeBugCheckEx+0x194 kd> .trap 8013eee8 [Gets the registers for the trap frame at the time of the fault.] eax=dec80201 ebx=ffdff420 ecx=8013c71c edx=000003f8 esi=00000000 edi=87038e10 eip=00000000 esp=8013ef5c ebp=8013ef64 iopl=0 nv up ei pl nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202 ErrCode = 00000000 00000000 ??????????????? [The current instruction pointer is NULL.] kd> kb [Gives the stack trace before the fault.] ChildEBP RetAddr Args to Child 8013ef68 fe551aa1 ff690268 00000002 fe5620d2 NT!_DbgBreakPoint 8013ef74 fe5620d2 fe5620da ff690268 80404690 NDIS!_EthFilterIndicateReceiveComplete+0x31 8013ef64 00000246 fe551aa1 ff690268 00000002 elnkii!_ElnkiiRcvInterruptDpc+0x1d0 Remarks Before upgrading to a new version of Windows, remove all third-party device drivers and system services, and disable any virus scanners. Contact the software manufacturers to obtain updates of these third-party tools. Bug Check 0xB: NO_EXCEPTION_HANDLING_SUPPORT The NO_EXCEPTION_HANDLING_SUPPORT bug check has a value of 0x0000000B. This bug check appears very infrequently. Bug Check 0xC: MAXIMUM_WAIT_OBJECTS_EXCEEDED The MAXIMUM_WAIT_OBJECTS_EXCEEDED bug check has a value of 0x0000000C. This indicates that the current thread exceeded the permitted number of wait objects. Parameters None Cause This bug check results from the improper use of KeWaitForMultipleObjects or FsRtlCancellableWaitForMultipleObjects. The caller may pass a pointer to a buffer in this routine's WaitBlockArray parameter. The system will use this buffer to keep track of wait objects. If a buffer is supplied, the Count parameter may not exceed MAXIMUM_WAIT_OBJECTS. If no buffer is supplied, the Count parameter may not exceed THREAD_WAIT_OBJECTS. If the value of Count exceeds the allowable value, this bug check is issued. Bug Check 0xD: MUTEX_LEVEL_NUMBER_VIOLATION The MUTEX_LEVEL_NUMBER_VIOLATION bug check has a value of 0x0000000D. This bug check appears very infrequently. Bug Check 0xE: NO_USER_MODE_CONTEXT The NO_USER_MODE_CONTEXT bug check has a value of 0x0000000E. This bug check appears very infrequently. Bug Check 0xF: SPIN_LOCK_ALREADY_OWNED The SPIN_LOCK_ALREADY_OWNED bug check has a value of 0x0000000F. This indicates that a request for a spin lock has been initiated when the spin lock was already owned. Parameters None Cause Typically, this error is caused by a recursive request for a spin lock. It can also occur if something similar to a recursive request for a spin lock has been initiated--for example, when a spin lock has been acquired by a thread, and then that same thread calls a function, which also tries to acquire a spin lock. The second attempt to acquire a spin lock is not blocked in this case because doing so would result in an unrecoverable deadlock. If the calls are made on more than one processor, then one processor will be blocked until the other processor releases the lock. This error can also occur, without explicit recursion, when all threads and all spin locks are assigned an IRQL. Spin lock IRQLs are always greater than or equal to DPC level, but this is not true for threads. However, a thread that is holding a spin lock must maintain an IRQL greater than or equal to that of the spin lock. Decreasing the thread IRQL below the IRQL level of the spin lock that it is holding allows another thread to be scheduled on the processor. This new thread could then attempt to acquire the same spin lock. Resolution Ensure that you are not recursively acquiring the lock. And, for threads that hold a spin lock, ensure that you are not decreasing the thread IRQL to a level below the IRQL of the spin lock that it is holding. Bug Check 0x10: SPIN_LOCK_NOT_OWNED The SPIN_LOCK_NOT_OWNED bug check has a value of 0x00000010. This bug check appears very infrequently. Bug Check 0x11: THREAD_NOT_MUTEX_OWNER The THREAD_NOT_MUTEX_OWNER bug check has a value of 0x00000011. This bug check appears very infrequently. Bug Check 0x12: TRAP_CAUSE_UNKNOWN The TRAP_CAUSE_UNKNOWN bug check has a value of 0x00000012. This indicates that an unknown exception has occurred. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The unexpected interrupt 2 The unknown floating-point exception 3 The enabled and asserted status bits. See the processor definition for details. 4 Reserved
 Bug Check 0x13: EMPTY_THREAD_REAPER_LIST The EMPTY_THREAD_REAPER_LIST bug check has a value of 0x00000013. This bug check appears very infrequently.
 Bug Check 0x14: CREATE_DELETE_LOCK_NOT_LOCKED The CREATE_DELETE_LOCK_NOT_LOCKED bug check has a value of 0x00000014. This bug check appears very infrequently.
 Bug Check 0x15: LAST_CHANCE_CALLED_FROM_KMODE The LAST_CHANCE_CALLED_FROM_KMODE bug check has a value of 0x00000015. This bug check appears very infrequently.
 Bug Check 0x16: CID_HANDLE_CREATION The CID_HANDLE_CREATION bug check has a value of 0x00000016. This bug check appears very infrequently.
 Bug Check 0x17: CID_HANDLE_DELETION The CID_HANDLE_DELETION bug check has a value of 0x00000017. This bug check appears very infrequently.
 Bug Check 0x18: REFERENCE_BY_POINTER The REFERENCE_BY_POINTER bug check has a value of 0x00000018. This indicates that the reference count of an object is illegal for the current state of the object. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Object type of the object whose reference count is being lowered. 2 Object whose reference count is being lowered. 3 Reserved 4 Reserved Cause The reference count of an object is illegal for the current state of the object. Each time a driver uses a pointer to an object, the driver calls a kernel routine to increase the reference count of the object by one. When the driver is done with the pointer, the driver calls another kernel routine to decrease the reference count by one. Drivers must match calls to the routines that increase (reference) and decrease (dereference) the reference count. This bug check is caused by an inconsistency in the object's reference count. Typically, the inconsistency is caused by a driver that decreases the reference count of an object too many times, making extra calls that dereference the object. This bug check can occur because an object's reference count goes to zero while there are still open handles to the object. It might also occur when the object's reference count drops below zero, whether or not there are open handles to the object. Resolution Make sure that the driver matches calls to the routines that increase and decrease the reference count of the object. Make sure that your driver does not make extra calls to routines that dereference the object (see Parameter 2). You can use a debugger to help analyze this problem. To find the handle and pointer count on the object, use the !object debugger command. kd> !object address Where address is the address of the object given in Parameter 2.
 Bug Check 0x19: BAD_POOL_HEADER The BAD_POOL_HEADER bug check has a value of 0x00000019. This indicates that a pool header is corrupt. Parameters The following parameters are displayed on the blue screen. Parameter 1 indicates the type of violation. The meaning of the other parameters depends on the value of Parameter 1. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 0x2 The pool entry being checked The size of the pool block 0 The special pool pattern check failed. (The owner has likely corrupted the pool block.) 0x3 The pool entry being checked The read-back flink freelist value The read-back blink freelist value The pool freelist is corrupt. (In a healthy list, the values of Parameters 2, 3, and 4 should be identical.) 0x5 One of the pool entries Reserved The other pool entry A pair of adjacent pool entries have headers that contradict each other. At least one of them is corrupt. 0x6 One incorrectly-calculated entry Reserved The bad entry that caused the miscalculation The pool block header's previous size is too large. 0x7 0 Reserved The bad pool entry The pool block header size is corrupt. 0x8 0 Reserved The bad pool entry The pool block header size is zero. 0x9 One incorrectly-calculated entry Reserved The bad entry that caused the miscalculation The pool block header size is corrupted (it is too large). 0xA The pool entry that should have been found Reserved The virtual address of the page that should have contained the pool entry The pool block header size is corrupt. 0xD, 0xE, 0xF, 0x23, 0x24, 0x25 Reserved Reserved Reserved The pool header of a freed block has been modified after it was freed. This is not typically the fault of the prior owner of the freed block; instead it is usually (but not always) due to the block preceding the freed block being overrun. 0x20 The pool entry that should have been found The next pool entry Reserved The pool block header size is corrupt. 0X21 The pool pointer being freed The number of bytes allocated for the pool block The corrupted value found following the pool block The data following the pool block being freed is corrupt. Typically this means the consumer (call stack) has overrun the block. 0X22 The address being freed Reserved Reserved An address being freed does not have a tracking entry. This is usually because the call stack is trying to free a pointer that either has already been freed or was never allocated to begin with. Cause The pool is already corrupted at the time of the current request. This may or may not be due to the caller. Resolution The internal pool links must be walked to figure out a possible cause of the problem. Then you can use special pool for the suspect pool tags, or use Driver Verifier on the suspect driver. The !analyze extension may be of help in pinpointing the suspect driver, but this is frequently not the case with pool corrupters.
 Bug Check 0x1A: MEMORY_MANAGEMENT The MEMORY_MANAGEMENT bug check has a value of 0x0000001A. This indicates that a severe memory management error occurred. Parameters The following parameters are displayed on the blue screen. Parameter 1 is the only parameter of interest; this identifies the exact violation. Parameter 1 Cause of Error 0x1 The fork clone block reference count is corrupt. (This only occurs on checked builds of Windows.) 0x31 The image relocation fix-up table or code stream has been corrupted. This is probably a hardware error.
 0x403 The page table and PFNs are out of sync . This is probably a hardware error, especially if parameters 3 & 4 differ by only a single bit. 0x411 A page table entry (PTE) has been corrupted. Parameter 2 is the address of the PTE.
 0x777 The caller is unlocking a system cache address that is not currently locked. (This address was either never mapped or is being unlocked twice.)
 0x778 The system is using the very last system cache view address, instead of preserving it. 0x780 0x781 The PTEs mapping the argument system cache view have been corrupted. 0x1000 A caller of MmGetSystemAddressForMdl* tried to map a fully-cached physical page as non-cached. This action would cause a conflicting hardware translation buffer entry, and so it was refused by the operating system. Since the caller specified "bug check on failure" in the requesting MDL, the system had no choice but to issue a bug check in this instance. 0x1010 The caller is unlocking a pageable section that is not currently locked. (This section was either never locked or is being unlocked twice.)
 0x1233 A driver tried to map a physical memory page that was not locked. This is illegal because the contents or attributes of the page can change at any time. This is a bug in the code that made the mapping call. Parameter 2 is the page frame number of the physical page that the driver attempted to map. 0x1234 The caller is trying lock a nonexistent pageable section.
 0x1235 The caller is trying to protect an MDL with an invalid mapping. 0x3451 The PTEs of a kernel thread stack that has been swapped out are corrupted. 0x5003 The working set free list is corrupt. This is probably a hardware error. 0x5100 The allocation bitmap is corrupt. The memory manager is about to overwrite a virtual address that was already in use. 0x8884 (Windows 7only). Two pages on the standby list that were supposed to have identical page priority values do not, in fact, have identical page priority values. The differing values are captured in parameter 4. 0x8888 0x8889 Internal memory management structures are corrupted. 0x888A Internal memory management structures (likely the PTE or PFN) are corrupted. 0x41283 The working set index encoded in the PTE is corrupted. 0x41284 A PTE or the working set list is corrupted. 0x41286 The caller is trying to free an invalid pool address. 0x41785 The working set list is corrupted. 0x41287 An illegal page fault occurred while holding working set synchronization. Parameter 2 contains the referenced virtual address. 0x41790 A page table page has been corrupted. On a 64 bit version of Windows, parameter 2 contains the address of the PFN for the corrupted page table page. On a 32 bit version of Windows, parameter 2 contains a pointer to the number of used PTEs, and parameter 3 contains the number of used PTEs. 0x41792 A corrupted PTE has been detected. Parameter 2 contains the address of the PTE. Parameters 3/4 contain the low/high parts of the PTE. 0x61940 A PDE has been unexpectedly invalidated. 0x61946 The MDL being created is flawed. This almost always means the driver calling MmProbeAndLockPages is at fault. Typically the driver is attempting to create a Write MDL when it is being asked to process a paging Read. 0x03030303 The boot loader is broken. (This value applies only to Intel Itanium machines.) Other An unknown memory management error occurred. Bug Check 0x1B: PFN_SHARE_COUNT The PFN_SHARE_COUNT bug check has a value of 0x0000001B. This bug check appears very infrequently. Bug Check 0x1C: PFN_REFERENCE_COUNT The PFN_REFERENCE_COUNT bug check has a value of 0x0000001C. This bug check appears very infrequently. Bug Check 0x1D: NO_SPIN_LOCK_AVAILABLE The NO_SPIN_LOCK_AVAILABLE bug check has a value of 0x0000001D. This bug check appears very infrequently. Bug Check 0x1E: KMODE_EXCEPTION_NOT_HANDLED The KMODE_EXCEPTION_NOT_HANDLED bug check has a value of 0x0000001E. This indicates that a kernel-mode program generated an exception which the error handler did not catch. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The exception code that was not handled 2 The address at which the exception occurred 3 Parameter 0 of the exception 4 Parameter 1 of the exception Cause This is a very common bug check. To interpret it, you must identify which exception was generated. Common exception codes include: 0x80000002: STATUS_DATATYPE_MISALIGNMENT An unaligned data reference was encountered. 0x80000003: STATUS_BREAKPOINT A breakpoint or ASSERT was encountered when no kernel debugger was attached to the system. 0xC0000005: STATUS_ACCESS_VIOLATION A memory access violation occurred. (Parameter 4 of the bug check is the address that the driver attempted to access.) For a complete list of exception codes, see the ntstatus.h file located in the inc directory of the Windows Driver Kit. Resolution If you are not equipped to debug this problem, you should use some basic troubleshooting techniques. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters. Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you plan to debug this problem, you may find it difficult to obtain a stack trace. Parameter 2 (the exception address) should pinpoint the driver or function that caused this problem. If exception code 0x80000003 occurs, this indicates that a hard-coded breakpoint or assertion was hit, but the system was started with the /NODEBUG switch. This problem should rarely occur. If it occurs repeatedly, make sure a kernel debugger is connected and the system is started with the /DEBUG switch. If exception code 0x80000002 occurs, the trap frame will supply additional information. If the specific cause of the exception is unknown, the following should be considered: Hardware incompatibility. First, make sure that any new hardware installed is compatible with the installed version of Windows. For example, you can get information about compatibility with Windows 7 at the Windows 7 Compatibility Center. Faulty device driver or system service. In addition, a faulty device driver or system service might be responsible for this error. Hardware issues, such as BIOS incompatibilities, memory conflicts, and IRQ conflicts can also generate this error. If a driver is listed by name within the bug check message, disable or remove that driver. Disable or remove any drivers or services that were recently added. If the error occurs during the startup sequence and the system partition is formatted with NTFS file system, you might be able to use Safe Mode to rename or delete the faulty driver. If the driver is used as part of the system startup process in Safe Mode, you need to start the computer by using the Recovery Console to access the file. If the problem is associated with Win32k.sys, the source of the error might be a third-party remote control program. If such software is installed, the service can be removed by starting the system using the Recovery Console and deleting the offending system service file. Check the System Log in Event Viewer for additional error messages that might help pinpoint the device or driver that is causing bug check 0x1E. Disabling memory caching of the BIOS might also resolve the error. You should also run hardware diagnostics, especially the memory scanner, supplied by the system manufacturer. For details on these procedures, see the owner's manual for your computer. The error that generates this message can occur after the first restart during Windows Setup, or after Setup is finished. A possible cause of the error is a system BIOS incompatibility. BIOS problems can be resolved by upgrading the system BIOS version. To get a stack trace if the normal stack tracing procedures fail Use the kb (Display Stack Backtrace) command to display parameters in the stack trace. Look for the call to NT!PspUnhandledExceptionInSystemThread. (If this function is not listed, see the note below.) The first parameter to NT!PspUnhandledExceptionInSystemThread is a pointer to a structure, which contains pointers to an except statement: typedef struct _EXCEPTION_POINTERS { PEXCEPTION_RECORD ExceptionRecord; PCONTEXT ContextRecord; } EXCEPTION_POINTERS, *PEXCEPTION_POINTERS; ULONG PspUnhandledExceptionInSystemThread( IN PEXCEPTION_POINTERS ExceptionPointers ) Use the dd (Display Memory) command on that address to display the necessary data. The first retrieved value is an exception record and the second is a context record. Use the .exr (Display Exception Record) command and the .cxr (Display Context Record) command with these two values as their arguments, respectively. After the .cxr command executes, use the kb command to display a stack trace that is based on the context record information. This stack trace indicates the calling stack where the unhandled exception occurred. Note This procedure assumes that you can locate NT!PspUnhandledExceptionInSystemThread. However, in some cases (such as an access violation crash) you will not be able to do this. In that case, look for ntoskrnl!KiDispatchException. The third parameter passed to this function is a trap frame address. Use the .trap (Display Trap Frame) command with this address to set the Register Context to the proper value. You can then perform stack traces and issue other commands. Here is an example of bug check 0x1E on an x86 processor: kd> .bugcheck get the bug check data Bugcheck code 0000001e Arguments c0000005 8013cd0a 00000000 0362cffff kd> kb start with a stack trace FramePtr RetAddr Param1 Param2 Param3 Function Name 8013ed5c 801263ba 00000000 00000000 fe40cb00 NT!_DbgBreakPoint 8013eecc 8013313c 0000001e c0000005 8013cd0a NT!_KeBugCheckEx+0x194 fe40cad0 8013318e fe40caf8 801359ff fe40cb00 NT!PspUnhandledExceptionInSystemThread+0x18 fe40cad8 801359ff fe40cb00 00000000 fe40cb00 NT!PspSystemThreadStartup+0x4a fe40cf7c 8013cb8e fe43a44c ff6ce388 00000000 NT!_except_handler3+0x47 00000000 00000000 00000000 00000000 00000000 NT!KiThreadStartup+0xe kd> dd fe40caf8 L2 dump EXCEPTION_POINTERS structure 0xFE40CAF8 fe40cd88 fe40cbc4 ..@...@. kd> .exr fe40cd88 first DWORD is the exception record Exception Record @ FE40CD88: ExceptionCode: c0000005 ExceptionFlags: 00000000 Chained Record: 00000000 ExceptionAddress: 8013cd0a NumberParameters: 00000002 Parameter[0]: 00000000 Parameter[1]: 0362cfff kd> .cxr fe40cbc4 second DWORD is the context record CtxFlags: 00010017 eax=00087000 ebx=00000000 ecx=03ff0000 edx=ff63d000 esi=0362cfff edi=036b3fff eip=8013cd0a esp=fe40ce50 ebp=fe40cef8 iopl=0 nv dn ei pl nz ac po cy vip=0 vif=0 cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010617 0x8013cd0a f3a4 rep movsb kd> kb kb gives stack for context record ChildEBP RetAddr Args to Child fe40ce54 80402e09 ff6c4000 ff63d000 03ff0000 NT!_RtlMoveMemory@12+0x3e fe40ce68 80403c18 ffbc0c28 ff6ce008 ff6c4000 HAL!_HalpCopyBufferMap@20+0x49 fe40ce9c fe43b1e4 ff6cef90 ffbc0c28 ff6ce009 HAL!_IoFlushAdapterBuffers@24+0x148 fe40ceb8 fe4385b4 ff6ce388 6cd00800 ffbc0c28 QIC117!_kdi_FlushDMABuffers@20+0x28 fe40cef8 fe439894 ff6cd008 ffb6c820 fe40cf4c QIC117!_cqd_CmdReadWrite@8+0x26e fe40cf18 fe437d92 ff6cd008 ffb6c820 ff6e4e50 QIC117!_cqd_DispatchFRB@8+0x210 fe40cf30 fe43a4f5 ff6cd008 ffb6c820 00000000 QIC117!_cqd_ProcessFRB@8+0x134 fe40cf4c 80133184 ff6ce388 00000000 00000000 QIC117!_kdi_ThreadRun@4+0xa9 fe40cf7c 8013cb8e fe43a44c ff6ce388 00000000 NT!_PspSystemThreadStartup@8+0x40 Bug Check 0x1F: SHARED_RESOURCE_CONV_ERROR The SHARED_RESOURCE_CONV_ERROR bug check has a value of 0x0000001F. This bug check appears very infrequently. Bug Check 0x20: KERNEL_APC_PENDING_DURING_EXIT The KERNEL_APC_PENDING_DURING_EXIT bug check has a value of 0x00000020. This indicates that an asynchronous procedure call (APC) was still pending when a thread exited. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The address of the APC found pending during exit 2 The thread's APC disable count 3 The current IRQL 4 Reserved Cause The key data item is the APC disable count (Parameter 2) for the thread. If the count is nonzero, it will indicate the source of the problem. The APC disable count is decremented each time a driver calls KeEnterCriticalRegion, FsRtlEnterFileSystem, or acquires a mutex. The APC disable count is incremented each time a driver calls KeLeaveCriticalRegion, KeReleaseMutex, or FsRtlExitFileSystem. Because these calls should always be in pairs, the APC disable count should be zero when a thread exits. A negative value indicates that a driver has disabled APC calls without re-enabling them. A positive value indicates that the reverse is true. If you ever see this error, be very suspicious of all drivers installed on the machine -- especially unusual or non-standard drivers. This current IRQL (Parameter 3) should be zero. If it is not, the driver's cancellation routine may have caused this bug check by returning at an elevated IRQL. In this case, carefully note what was running (and what was closing) at the time of the crash, and note all of the installed drivers at the time of the crash. The cause in this case is usually a severe bug in a driver.
 Bug Check 0x21: QUOTA_UNDERFLOW The QUOTA_UNDERFLOW bug check has a value of 0x00000021. This indicates that quota charges have been mishandled by returning more quota to a particular block than was previously charged. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The process that was initially charged, if available. 2 The quota type. For the list of all possible quota type values, see the header file Ps.h in the Windows Driver Kit (WDK). 3 The initial charged amount of quota to return. 4 The remaining amount of quota that was not returned. Bug Check 0x22: FILE_SYSTEM The FILE_SYSTEM bug check has a value of 0x00000022. This bug check appears very infrequently. Bug Check 0x23: FAT_FILE_SYSTEM The FAT_FILE_SYSTEM bug check has a value of 0x00000023. This indicates that a problem occurred in the FAT file system. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Specifies source file and line number information. The high 16 bits (the first four hexadecimal digits after the "0x") identify the source file by its identifier number. The low 16 bits identify the source line in the file where the bug check occurred. 2 If FatExceptionFilter is on the stack, this parameter specifies the address of the exception record. 3 If FatExceptionFilter is on the stack, this parameter specifies the address of the context record. 4 Reserved Cause One possible cause of this bug check is disk corruption. Corruption in the file system or bad blocks (sectors) on the disk can induce this error. Corrupted SCSI and IDE drivers can also adversely affect the system's ability to read and write to the disk, thus causing the error. Another possible cause is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error. Resolution To debug this problem: Use the .cxr (Display Context Record) command with Parameter 3, and then use kb (Display Stack Backtrace). To resolve a disk corruption problem: Check Event Viewer for error messages from SCSI and FASTFAT (System Log) or Autochk (Application Log) that might help pinpoint the device or driver that is causing the error. Try disabling any virus scanners, backup programs, or disk defragmenter tools that continually monitor the system. You should also run hardware diagnostics supplied by the system manufacturer. For details on these procedures, see the owner's manual for your computer. Run Chkdsk /f /r to detect and resolve any file system structural corruption. You must restart the system before the disk scan begins on a system partition. To resolve a nonpaged pool memory depletion problem: Add new physical memory to the computer. This will increase the quantity of nonpaged pool memory available to the kernel.
 Bug Check 0x24: NTFS_FILE_SYSTEM The NTFS_FILE_SYSTEM bug check has a value of 0x00000024. This indicates a problem occurred in ntfs.sys, the driver file that allows the system to read and write to NTFS drives. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Specifies source file and line number information. The high 16 bits (the first four hexadecimal digits after the "0x") identify the source file by its identifier number. The low 16 bits identify the source line in the file where the bug check occurred. 2 If NtfsExceptionFilter is on the stack, this parameter specifies the address of the exception record. 3 If NtfsExceptionFilter is on the stack, this parameter specifies the address of the context record. 4 Reserved Cause One possible cause of this bug check is disk corruption. Corruption in the NTFS file system or bad blocks (sectors) on the hard disk can induce this error. Corrupted SCSI and IDE drivers can also adversely affect the system's ability to read and write to disk, thus causing the error. Another possible cause is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error. Resolution To debug this problem: Use the .cxr (Display Context Record) command with Parameter 3, and then use kb (Display Stack Backtrace). To resolve a disk corruption problem: Check Event Viewer for error messages from SCSI and FASTFAT (System Log) or Autochk (Application Log) that might help pinpoint the device or driver that is causing the error. Try disabling any virus scanners, backup programs, or disk defragmenter tools that continually monitor the system. You should also run hardware diagnostics supplied by the system manufacturer. For details on these procedures, see the owner's manual for your computer. Run Chkdsk /f /r to detect and resolve any file system structural corruption. You must restart the system before the disk scan begins on a system partition. To resolve a nonpaged pool memory depletion problem: Either add new physical memory to the computer (thus increasing the quantity of nonpaged pool memory available to the kernel), or reduce the number of files on the Services for Macintosh (SFM) volume. Bug Check 0x25: NPFS_FILE_SYSTEM The NPFS_FILE_SYSTEM bug check has a value of 0x00000025. This indicates that a problem occurred in the NPFS file system. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Specifies source file and line number information. The high 16 bits (the first four hexadecimal digits after the "0x") identify the source file by its identifier number. The low 16 bits identify the source line in the file where the bug check occurred. 2 Reserved 3 Reserved 4 Reserved Cause One possible cause of this bug check is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error. Resolution To resolve a nonpaged pool memory depletion problem: Add new physical memory to the computer. This will increase the quantity of nonpaged pool memory available to the kernel. Bug Check 0x26: CDFS_FILE_SYSTEM The CDFS_FILE_SYSTEM bug check has a value of 0x00000026. This indicates that a problem occurred in the CD file system. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Specifies source file and line number information. The high 16 bits (the first four hexadecimal digits after the "0x") identify the source file by its identifier number. The low 16 bits identify the source line in the file where the bug check occurred. 2 If CdExceptionFilter is on the stack, this parameter specifies the address of the exception record. 3 If CdExceptionFilter is on the stack, this parameter specifies the address of the context record. 4 Reserved Cause One possible cause of this bug check is disk corruption. Corruption in the file system or bad blocks (sectors) on the disk can induce this error. Corrupted SCSI and IDE drivers can also adversely affect the system's ability to read and write to the disk, thus causing the error. Another possible cause is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error. Resolution To debug this problem: Use the .cxr (Display Context Record) command with Parameter 3, and then use kb (Display Stack Backtrace). To resolve a disk corruption problem: Check Event Viewer for error messages from SCSI and FASTFAT (System Log) or Autochk (Application Log) that might help pinpoint the device or driver that is causing the error. Try disabling any virus scanners, backup programs, or disk defragmenter tools that continually monitor the system. You should also run hardware diagnostics supplied by the system manufacturer. For details on these procedures, see the owner's manual for your computer. Run Chkdsk /f /r to detect and resolve any file system structural corruption. You must restart the system before the disk scan begins on a system partition. To resolve a nonpaged pool memory depletion problem: Add new physical memory to the computer. This will increase the quantity of nonpaged pool memory available to the kernel. Bug Check 0x27: RDR_FILE_SYSTEM The RDR_FILE_SYSTEM bug check has a value of 0x00000027. This indicates that a problem occurred in the SMB redirector file system. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The high 16 bits (the first four hexadecimal digits after the "0x") identify the type of problem. Possible values include: 0xCA550000 RDBSS_BUG_CHECK_CACHESUP 0xC1EE0000 RDBSS_BUG_CHECK_CLEANUP 0xC10E0000 RDBSS_BUG_CHECK_CLOSE 0xBAAD0000 RDBSS_BUG_CHECK_NTEXCEPT 2 If RxExceptionFilter is on the stack, this parameter specifies the address of the exception record. 3 If RxExceptionFilter is on the stack, this parameter specifies the address of the context record. 4 Reserved Cause One possible cause of this bug check is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error. Resolution To debug this problem: Use the .cxr (Display Context Record) command with Parameter 3, and then use kb (Display Stack Backtrace). To resolve a nonpaged pool memory depletion problem: Add new physical memory to the computer. This will increase the quantity of nonpaged pool memory available to the kernel. Bug Check 0x28: CORRUPT_ACCESS_TOKEN The CORRUPT_ACCESS_TOKEN bug check has a value of 0x00000028. This bug check appears very infrequently. Bug Check 0x29: SECURITY_SYSTEM The SECURITY_SYSTEM bug check has a value of 0x00000029. This bug check appears very infrequently. Bug Check 0x2A: INCONSISTENT_IRP The INCONSISTENT_IRP bug check has a value of 0x0000002A. This indicates that an IRP was found to contain inconsistent information. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The address of the IRP that was found to be inconsistent 2 Reserved 3 Reserved 4 Reserved Cause An IRP was discovered to be in an inconsistent state. Usually this means some field of the IRP was inconsistent with the remaining state of the IRP. An example would be an IRP that was being completed, but was still marked as being queued to a driver's device queue. Remarks This bug check code is not currently being used in the system, but exists for debugging purposes. Bug Check 0x2B: PANIC_STACK_SWITCH The PANIC_STACK_SWITCH bug check has a value of 0x0000002B. This indicates that the kernel mode stack was overrun. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The trap frame 2 Reserved 3 Reserved 4 Reserved Cause This error normally appears when a kernel-mode driver uses too much stack space. It can also appear when serious data corruption occurs in the kernel. Bug Check 0x2C: PORT_DRIVER_INTERNAL The PORT_DRIVER_INTERNAL bug check has a value of 0x0000002C. This bug check appears very infrequently. Bug Check 0x2D: SCSI_DISK_DRIVER_INTERNAL The SCSI_DISK_DRIVER_INTERNAL bug check has a value of 0x0000002D. This bug check appears very infrequently. Bug Check 0x2E: DATA_BUS_ERROR The DATA_BUS_ERROR bug check has a value of 0x0000002E. This typically indicates that a parity error in system memory has been detected. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Virtual address that caused the fault 2 Physical address that caused the fault 3 Processor status register (PSR) 4 Faulting instruction register (FIR) Cause This error is almost always caused by a hardware problem -- a configuration issue, defective hardware, or incompatible hardware. The most common hardware problems that can cause this error are defective RAM, Level 2 (L2) RAM cache errors, or video RAM errors. Hard disk corruption can also cause this error. This bug check can also be caused when a device driver attempts to access an address in the 0x8xxxxxxx range that does not exist (in other words, that does not have a physical address mapping). Resolution Resolving a hardware problem: If hardware has recently been added to the system, remove it to see if the error recurs. If existing hardware has failed, remove or replace the faulty component. You should run hardware diagnostics supplied by the system manufacturer to determine which hardware component has failed. For details on these procedures, see the owner's manual for your computer. Check that all adapter cards in the computer are properly seated. Use an ink eraser or an electrical contact treatment, available at electronics supply stores, to ensure that adapter card contacts are clean. If the problem occurs on a newly installed system, check the availability of updates for the BIOS, the SCSI controller or network cards. Updates of this kind are typically available on the Web site or the bulletin board system (BBS) of the hardware manufacturer. If the error occurs after installing a new or updated device driver, the driver should be removed or replaced. If, under this circumstance, the error occurs during startup and the system partition is formatted with NTFS, you might be able to use Safe Mode to rename or delete the faulty driver. If the driver is used as part of the system startup process in Safe Mode, you need to start the computer using the Recovery Console in order to access the file. For additional error messages that might help pinpoint the device or driver that is causing the error, check the System Log in Event Viewer. Disabling memory caching or shadowing in the BIOS might also resolve this error. In addition, check the system for viruses, using any up-to-date commercial virus scanning software that examines the Master Boot Record of the hard disk. All Windows file systems can be infected by viruses. Resolving a hard disk corruption problem: Run Chkdsk /f /r on the system partition. You must restart the system before the disk scan begins. If you cannot start the system due to the error, use the Recovery Console and run Chkdsk /r. Warning If your system partition is formatted with the file allocation table (FAT) file system, the long filenames used by Windows can be damaged if Scandisk or another Microsoft MS-DOS-based hard disk tool is used to verify the integrity of your hard disk from MS-DOS. Always use the version of Chkdsk that matches your Windows version. Bug Check 0x2F: INSTRUCTION_BUS_ERROR The INSTRUCTION_BUS_ERROR bug check has a value of 0x0000002F. This bug check appears very infrequently. Bug Check 0x30: SET_OF_INVALID_CONTEXT The SET_OF_INVALID_CONTEXT bug check has a value of 0x00000030. This indicates that the stack pointer in a trap frame had an invalid value. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The new stack pointer 2 The old stack pointer 3 The trap frame address 4 0 Cause This bug check occurs when some routine attempts to set the stack pointer in the trap frame to a lower value than the current stack pointer value. If this error were not caught, it would cause the kernel to run with a stack pointer pointing to stack which is no longer valid. Bug Check 0x31: PHASE0_INITIALIZATION_FAILED The PHASE0_INITIALIZATION_FAILED bug check has a value of 0x00000031. This indicates that system initialization failed. Parameters None Cause System initialization failed at a very early stage. Resolution A debugger is required to analyze this.
 Bug Check 0x32: PHASE1_INITIALIZATION_FAILED The PHASE1_INITIALIZATION_FAILED bug check has a value of 0x00000032. This indicates that system initialization failed. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The NT status code that describes why the system initialization failed 2 Reserved 3 Reserved 4 Reserved
 Bug Check 0x33: UNEXPECTED_INITIALIZATION_CALL The UNEXPECTED_INITIALIZATION_CALL bug check has a value of 0x00000033. This bug check appears very infrequently.
 Bug Check 0x34: CACHE_MANAGER The CACHE_MANAGER bug check has a value of 0x00000034. This indicates that a problem occurred in the file system's cache manager. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Specifies source file and line number information. The high 16 bits (the first four hexadecimal digits after the "0x") identify the source file by its identifier number. The low 16 bits identify the source line in the file where the bug check occurred. 2 Reserved 3 Reserved 4 Reserved Cause One possible cause of this bug check is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error. Resolution To resolve a nonpaged pool memory depletion problem: Add new physical memory to the computer. This will increase the quantity of nonpaged pool memory available to the kernel. Bug Check 0x35: NO_MORE_IRP_STACK_LOCATIONS The NO_MORE_IRP_STACK_LOCATIONS bug check has a value of 0x00000035. This bug check occurs when the IoCallDriver packet has no more stack locations remaining. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Address of the IRP 2 Reserved 3 Reserved 4 Reserved Cause A higher-level driver has attempted to call a lower-level driver through the IoCallDriver interface, but there are no more stack locations in the packet. This will prevent the lower-level driver from accessing its parameters. This is a disastrous situation, since the higher level driver is proceeding as if it has filled in the parameters for the lower level driver (as required). But since there is no stack location for the latter driver, the former has actually written off the end of the packet. This means that some other memory has been corrupted as well. Bug Check 0x36: DEVICE_REFERENCE_COUNT_NOT_ZERO The DEVICE_REFERENCE_COUNT_NOT_ZERO bug check has a value of 0x00000036. This indicates that a driver attempted to delete a device object that still had a positive reference count. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The address of the device object 2 Reserved 3 Reserved 4 Reserved Cause A device driver has attempted to delete one of its device objects from the system, but the reference count for that object was non-zero. This means there are still outstanding references to the device. (The reference count indicates the number of reasons why this device object cannot be deleted.) This is a bug in the calling device driver. Bug Check 0x37: FLOPPY_INTERNAL_ERROR The FLOPPY_INTERNAL_ERROR bug check has a value of 0x00000037. This bug check appears very infrequently. Bug Check 0x38: SERIAL_DRIVER_INTERNAL The SERIAL_DRIVER_INTERNAL bug check has a value of 0x00000038. This bug check appears very infrequently. Bug Check 0x39: SYSTEM_EXIT_OWNED_MUTEX The SYSTEM_EXIT_OWNED_MUTEX bug check has a value of 0x00000039. This indicates that the worker routine returned without releasing the mutex object that it owned. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The address of the worker routine that caused the error. 2 The parameter passed to the worker routine. 3 The address of the work item. 4 Reserved. Cause The worker routine returned while it still owned a mutex object. The current worker thread will proceed to run other unrelated work items, and the mutex will never be released. Resolution A debugger is required to analyze this problem. To find the driver that caused the error, use the ln (List Nearest Symbols) debugger command: kd> ln address Where address is the worker routine given in Parameter 1.
 Bug Check 0x3A: SYSTEM_UNWIND_PREVIOUS_USER The SYSTEM_UNWIND_PREVIOUS_USER bug check has a value of 0x0000003A. This bug check appears very infrequently. Bug Check 0x3B: SYSTEM_SERVICE_EXCEPTION The SYSTEM_SERVICE_EXCEPTION bug check has a value of 0x0000003B. This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The exception that caused the bug check 2 The address of the exception record for the exception that caused the bug check 3 The address of the context record for the exception that caused the bug check 4 0 Cause This error has been linked to excessive paged pool usage and may occur due to user-mode graphics drivers crossing over and passing bad data to the kernel code.
 Bug Check 0x3C: INTERRUPT_UNWIND_ATTEMPTED The INTERRUPT_UNWIND_ATTEMPTED bug check has a value of 0x0000003C. This bug check appears very infrequently. Bug Check 0x3D: INTERRUPT_EXCEPTION_NOT_HANDLED The INTERRUPT_EXCEPTION_NOT_HANDLED bug check has a value of 0x0000003D. This bug check appears very infrequently. Bug Check 0x3E: MULTIPROCESSOR_CONFIGURATION_NOT_SUPPORTED The MULTIPROCESSOR_CONFIGURATION_NOT_SUPPORTED bug check has a value of 0x0000003E. This indicates that the system has multiple processors, but they are asymmetric in relation to one another. Parameters None Cause In order to be symmetric, all processors must be of the same type and level. This system contains processors of different types (for example, a Pentium processor and an 80486 processor). Bug Check 0x3F: NO_MORE_SYSTEM_PTES The NO_MORE_SYSTEM_PTES bug check has a value of 0x0000003F. This is the result of a system which has performed too many I/O actions. This has resulted in fragmented system page table entries (PTE). Parameters The following parameters are displayed on the blue screen. Parameter Description 1 0: system expansion PTE type 1: nonpaged pool expansion PTE type 2 Size of memory request 3 Total free system PTEs 4 Total system PTEs Cause In almost all cases, the system is not actually out of PTEs. Rather, a driver has requested a large block of memory, but there is no contiguous block of sufficient size to satisfy this request. Often video drivers will allocate large amounts of kernel memory that must succeed. Some backup programs do the same. Resolution A possible work-around: Modify the registry to increase the total number of system PTEs. If this does not help, remove any recently-installed software, especially backup utilities or disk-intensive applications. Debugging the problem: The following method can be used to debug bug check 0x3F. First, get a stack trace, and use the !sysptes 3 extension command. Then set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\TrackPtes equal to DWORD 1, and reboot. This will cause the system to save stack traces. This allows you to display more detailed information about the PTE owners. For example: 0: kd> !sysptes 4 0x2c47 System PTEs allocated to mapping locked pages VA MDL PageCount Caller/CallersCaller f0e5db48 eb6ceef0 1 ntkrpamp!MmMapLockedPages+0x15/ntkrpamp!IopfCallDriver+0x35 f0c3fe48 eb634bf0 1 netbt!NbtTdiAssociateConnection+0x1f/netbt!DelayedNbtProcessConnect+0x17c f0db38e8 eb65b880 1 mrxsmb!SmbMmAllocateSessionEntry+0x89/mrxsmb!SmbCepInitializeExchange+0xda f8312568 eb6df880 1 rdbss!RxCreateFromNetRoot+0x3d7/rdbss!RxCreateFromNetRoot+0x93 f8363908 eb685880 1 mrxsmb!SmbMmAllocateSessionEntry+0x89/mrxsmb!SmbCepInitializeExchange+0xda f0c54248 eb640880 1 rdbss!RxCreateFromNetRoot+0x3d7/rdbss!RxCreateFromNetRoot+0x93 f0ddf448 eb5f3160 1 mrxsmb!MrxSmbUnalignedDirEntryCopyTail+0x387/mrxsmb!MRxSmbCoreInformation+0x36 f150bc08 eb6367b0 1 mrxsmb!MrxSmbUnalignedDirEntryCopyTail+0x387/mrxsmb!MRxSmbCoreInformation+0x36 f1392308 eb6fba70 1 netbt!NbtTdiOpenAddress+0x1fb/netbt!DelayedNbtProcessConnect+0x17c eb1bee64 edac5000 200 VIDEOPRT!pVideoPortGetDeviceBase+0x118/VIDEOPRT!VideoPortMapMemory+0x45 f139b5a8 edd4b000 12 rdbss!FsRtlCopyWrite2+0x34/rdbss!RxDriverEntry+0x149 eb41f400 ede92000 20 VIDEOPRT!pVideoPortGetDeviceBase+0x139/VIDEOPRT!VideoPortGetDeviceBase+0x1b eb41f198 edf2a000 20 NDIS!NdisReadNetworkAddress+0x3a/NDIS!NdisFreeSharedMemory+0x58 eb41f1e4 eb110000 10 VIDEOPRT!pVideoPortGetDeviceBase+0x139/VIDEOPRT!VideoPortGetDeviceBase+0x1b ...... If the system runs out of PTEs again after the TrackPtes registry value has been set, bug check 0xD8 (DRIVER_USED_EXCESSIVE_PTES) will be issued instead of 0x3F. The name of the driver causing this error will be displayed as well. Bug Check 0x40: TARGET_MDL_TOO_SMALL The TARGET_MDL_TOO_SMALL bug check has a value of 0x00000040. This indicates that a driver has improperly used IoBuildPartialMdl. Parameters None Cause This is a driver bug. A driver has called the IoBuildPartialMdl function and passed it an MDL to map part of a source MDL, but the target MDL is not large enough to map the entire range of addresses requested. Resolution The source and target MDLs, as well as the address range length to be mapped, are the first, second, and fourth arguments to the IoBuildPartialMdl function. Therefore, doing a stack trace on this particular function might help during the debugging process. Ensure that your code is correctly calculating the necessary size for the target MDL for the address range length that you are passing to this function. Bug Check 0x41: MUST_SUCCEED_POOL_EMPTY The MUST_SUCCEED_POOL_EMPTY bug check has a value of 0x00000041. This indicates that a kernel-mode thread has requested too much must-succeed pool. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The size of the request that could not be satisfied 2 The number of pages used from nonpaged pool 3 The number of requests from nonpaged pool larger than PAGE_SIZE 4 The number of pages available Cause In Microsoft Windows 2000, only a small amount of must-succeed pool is permitted. In Windows XP and later, no driver is permitted to request must-succeed pool. If a must-succeed request cannot be filled, this bug check is issued. Resolution Replace or rewrite the driver which is making the request. A driver should not request must-succeed pool. Instead, it should ask for normal pool and gracefully handle the scenario where the pool is temporarily empty. The kb (Display Stack Backtrace) command will show the driver that caused the error. Additionally, it is possible that a second component has depleted the must-succeed pool. To determine if this is the case, first use the kb command. Then use !vm 1 to display total pool usage, !poolused 2 to display per-tag nonpaged pool usage, and !poolused 4 to display per-tag paged pool usage. The component associated with the tag using the most pool is probably the source of the problem. Bug Check 0x42: ATDISK_DRIVER_INTERNAL The ATDISK_DRIVER_INTERNAL bug check has a value of 0x00000042. This bug check appears very infrequently. Bug Check 0x43: NO_SUCH_PARTITION The NO_SUCH_PARTITION bug check has a value of 0x00000043. This bug check appears very infrequently. Bug Check 0x44: MULTIPLE_IRP_COMPLETE_REQUESTS The MULTIPLE_IRP_COMPLETE_REQUESTS bug check has a value of 0x00000044. This indicates that a driver has tried to requested an IRP be completed that is already complete. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The address of the IRP 2 Reserved 3 Reserved 4 Reserved Cause A driver has called IoCompleteRequest to ask that an IRP be completed, but the packet has already been completed. Resolution This is a tough bug to find because the simplest case -- a driver that attempted to complete its own packet twice -- is usually not the source of the problem. More likely, two separate drivers each believe that they own the packet, and each has attempted to complete it. The first request succeeds, and the second fails, resulting in this bug check. Tracking down which drivers in the system caused the error is difficult, because the trail of the first driver has been covered by the second. However, the driver stack for the current request can be found by examining the device object fields in each of the stack locations. Bug Check 0x45: INSUFFICIENT_SYSTEM_MAP_REGS The INSUFFICIENT_SYSTEM_MAP_REGS bug check has a value of 0x00000045. This bug check appears very infrequently. Bug Check 0x46: DEREF_UNKNOWN_LOGON_SESSION The DEREF_UNKNOWN_LOGON_SESSION bug check has a value of 0x00000046. This bug check appears very infrequently. Bug Check 0x47: REF_UNKNOWN_LOGON_SESSION The REF_UNKNOWN_LOGON_SESSION bug check has a value of 0x00000047. This bug check appears very infrequently. Bug Check 0x48: CANCEL_STATE_IN_COMPLETED_IRP The CANCEL_STATE_IN_COMPLETED_IRP bug check has a value of 0x00000048. This indicates that an I/O request packet (IRP) was completed, and then was subsequently canceled. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 A pointer to the IRP 2 The cancel routine set by the driver 3 Reserved 4 Reserved Cause An IRP that had a Cancel routine set was completed normally, without cancellation. But after it was complete, a driver called the IRP's Cancel routine. This could be caused by a driver that completed the IRP and then attempted to cancel it. It could also be caused by two drivers each trying to access the same IRP in an improper way. Resolution The cancel routine parameter can be used to determine which driver or stack caused the bug check. Bug Check 0x49: PAGE_FAULT_WITH_INTERRUPTS_OFF The PAGE_FAULT_WITH_INTERRUPTS_OFF bug check has a value of 0x00000049. This bug check appears very infrequently. Bug Check 0x4A: IRQL_GT_ZERO_AT_SYSTEM_SERVICE The IRQL_GT_ZERO_AT_SYSTEM_SERVICE bug check has a value of 0x0000004A. This indicates that a thread is returning to user mode from a system call when its IRQL is still above PASSIVE_LEVEL. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The address of the system function (system call routine) 2 The current IRQL 3 0 4 0 Bug Check 0x4B: STREAMS_INTERNAL_ERROR The STREAMS_INTERNAL_ERROR bug check has a value of 0x0000004B. This bug check appears very infrequently. Bug Check 0x4C: FATAL_UNHANDLED_HARD_ERROR The FATAL_UNHANDLED_HARD_ERROR bug check has a value of 0x0000004C. This bug check appears very infrequently. Bug Check 0x4D: NO_PAGES_AVAILABLE The NO_PAGES_AVAILABLE bug check has a value of 0x0000004D. This indicates that no free pages are available to continue operations. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The total number of dirty pages 2 The number of dirty pages destined for the page file 3 Windows XP and Windows 2000: The size of the nonpaged pool available at the time the bug check occurred Windows Server 2003 and later: Reserved 4 Windows 2000: The number of transition pages that are currently stranded Windows XP and later: The most recent modified write error status. Cause To see general memory statistics, use the !vm 3 extension. This bug check can occur for any of the following reasons: A driver has blocked, deadlocking the modified or mapped page writers. Examples of this include mutex deadlocks or accesses to paged out memory in file system drivers or filter drivers. This indicates a driver bug. If Parameter 1 or Parameter 2 is large, then this is a possibility. Use !vm 3. A storage driver is not processing requests. Examples of this are stranded queues and non-responding drives. This indicates a driver bug. If Parameter 1 or Parameter 2 is large, then this is a possibility. Use !vm 8, followed by !process 0 7. A high-priority realtime thread has starved the balance set manager from trimming pages from the working set, or starved the modified page writer from writing them out. This indicates a bug in the component that created this thread. This situation is difficult to analyze. Try using !ready. Try also !process 0 7 to list all threads and see if any have accumulated excessive kernel time as well as what their current priorities are. Such processes may have blocked out the memory management threads from making pages available. Windows XP and Windows 2000: Not enough pool is available for the storage stack to write out modified pages. This indicates a driver bug. If Parameter 3 is small, then this is a possibility. Use !vm and !poolused 2. Windows 2000: All the processes have been trimmed to their minimums and all modified pages written, but still no memory is available. The freed memory must be stuck in transition pages with non-zero reference counts -- thus they cannot be put on the freelist. A driver is neglecting to unlock the pages preventing the reference counts from going to zero which would free the pages. This may be due to transfers that never finish, causing the driver routines to run endlessly, or to other driver bugs. If Parameter 4 is large, then this is a possibility. But it is very hard to find the driver. Try the !process 0 1 extension and look for any drivers that have a lot of locked pages. If the problem cannot be found, then try booting with a kernel debugger attached from the beginning, and monitor the situation. Bug Check 0x4E: PFN_LIST_CORRUPT The PFN_LIST_CORRUPT bug check has a value of 0x0000004E. This indicates that the page frame number (PFN) list is corrupted. Parameters The following parameters are displayed on the blue screen. Parameter 1 indicates the type of violation. The meaning of the other parameters depends on the value of Parameter 1. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 0x01 The ListHead value that was corrupted The number of pages available 0 The list head was corrupted. 0x02 The entry in the list that is being removed The highest physical page number The reference count of the entry being removed A list entry was corrupted. 0x07 The page frame number The current share count 0 A driver has unlocked a certain page more times than it locked it. 0x8D The page frame number whose state is inconsistent 0 0 The page-free list is corrupted. This error code most likely indicates a hardware issue. 0x8F New page number Old page number 0 The free or zeroed page listhead is corrupted. 0x99 Page frame number Current page state 0 A page table entry (PTE) or PFN is corrupted. 0x9A Page frame number Current page state The reference count of the entry that is being removed A driver attempted to free a page that is still locked for IO. Cause This error is typically caused by a driver passing a bad memory descriptor list. For example, the driver might have called MmUnlockPages twice with the same list. If a kernel debugger is available, examine the stack trace. Bug Check 0x4F: NDIS_INTERNAL_ERROR The NDIS_INTERNAL_ERROR bug check has a value of 0x0000004F. This bug check appears very infrequently. Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA The PAGE_FAULT_IN_NONPAGED_AREA bug check has a value of 0x00000050. This indicates that invalid system memory has been referenced. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Memory address referenced 2 0: Read operation 1: Write operation 3 Address that referenced memory (if known) 4 Reserved If the driver responsible for the error can be identified, its name is printed on the blue screen and stored in memory at the location (PUNICODE_STRING) KiBugCheckDriver. Cause Bug check 0x50 usually occurs after the installation of faulty hardware or in the event of failure of installed hardware (usually related to defective RAM, be it main memory, L2 RAM cache, or video RAM). Another common cause is the installation of a faulty system service. Antivirus software can also trigger this error, as can a corrupted NTFS volume. Resolution Resolving a faulty hardware problem: If hardware has been added to the system recently, remove it to see if the error recurs. If existing hardware has failed, remove or replace the faulty component. You should run hardware diagnostics supplied by the system manufacturer. For details on these procedures, see the owner's manual for your computer. Resolving a faulty system service problem: Disable the service and confirm that this resolves the error. If so, contact the manufacturer of the system service about a possible update. If the error occurs during system startup, restart your computer, and press F8 at the character-mode menu that displays the operating system choices. At the resulting Windows Advanced Options menu, choose the Last Known Good Configuration option. This option is most effective when only one driver or service is added at a time. Resolving an antivirus software problem: Disable the program and confirm that this resolves the error. If it does, contact the manufacturer of the program about a possible update. Resolving a corrupted NTFS volume problem: Run Chkdsk /f /r to detect and repair disk errors. You must restart the system before the disk scan begins on a system partition. If the hard disk is SCSI, check for problems between the SCSI controller and the disk. Finally, check the System Log in Event Viewer for additional error messages that might help pinpoint the device or driver that is causing the error. Disabling memory caching of the BIOS might also resolve it. Remarks Typically, this address is in freed memory or is simply invalid. This cannot be protected by a try - except handler -- it can only be protected by a probe. Bug Check 0x51: REGISTRY_ERROR The REGISTRY_ERROR bug check has a value of 0x00000051. This indicates that a severe registry error has occurred. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Reserved 2 Reserved 3 The pointer to the hive (if available) 4 If the hive is corrupt, the return code of HvCheckHive (if available) Cause Something has gone wrong with the registry. If a kernel debugger is available, get a stack trace. This error may indicate that the registry encountered an I/O error while trying to read one of its files. This can be caused by hardware problems or file system corruption. It may also occur due to a failure in a refresh operation, which is used only in by the security system, and then only when resource limits are encountered. Bug Check 0x52: MAILSLOT_FILE_SYSTEM The MAILSLOT_FILE_SYSTEM bug check has a value of 0x00000052. This bug check appears very infrequently. Bug Check 0x53: NO_BOOT_DEVICE The NO_BOOT_DEVICE bug check has a value of 0x00000053. This bug check appears very infrequently. Bug Check 0x54: LM_SERVER_INTERNAL_ERROR The LM_SERVER_INTERNAL_ERROR bug check has a value of 0x00000054. This bug check appears very infrequently. Bug Check 0x55: DATA_COHERENCY_EXCEPTION The DATA_COHERENCY_EXCEPTION bug check has a value of 0x00000055. This bug check appears very infrequently. Bug Check 0x56: INSTRUCTION_COHERENCY_EXCEPTION The INSTRUCTION_COHERENCY_EXCEPTION bug check has a value of 0x00000056. This bug check appears very infrequently. Bug Check 0x57: XNS_INTERNAL_ERROR The XNS_INTERNAL_ERROR bug check has a value of 0x00000057. This bug check appears very infrequently. Bug Check 0x58: FTDISK_INTERNAL_ERROR The FTDISK_INTERNAL_ERROR bug check has a value of 0x00000058. This is issued if the system is booted from the wrong copy of a mirrored partition. Parameters None Cause The hives are indicating that the mirror is valid, but it is not. The hives should actually be pointing to the shadow partition. This is almost always caused by the primary partition being revived. Resolution Reboot the system from the shadow partition. Bug Check 0x59: PINBALL_FILE_SYSTEM The PINBALL_FILE_SYSTEM bug check has a value of 0x00000059. This indicates that a problem occurred in the Pinball file system. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Specifies source file and line number information. The high 16 bits (the first four hexadecimal digits after the "0x") identify the source file by its identifier number. The low 16 bits identify the source line in the file where the bug check occurred. 2 Reserved 3 Reserved 4 Reserved Cause One possible cause of this bug check is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error. Resolution To resolve a nonpaged pool memory depletion problem: Add new physical memory to the computer. This will increase the quantity of nonpaged pool memory available to the kernel. Bug Check 0x5A: CRITICAL_SERVICE_FAILED The CRITICAL_SERVICE_FAILED bug check has a value of 0x0000005A. This bug check appears very infrequently. Bug Check 0x5B: SET_ENV_VAR_FAILED The SET_ENV_VAR_FAILED bug check has a value of 0x0000005B. This bug check appears very infrequently. Bug Check 0x5C: HAL_INITIALIZATION_FAILED The HAL_INITIALIZATION_FAILED bug check has a value of 0x0000005C. This indicates that the HAL initialization failed. Bug Check 0x5D: UNSUPPORTED_PROCESSOR The UNSUPPORTED_PROCESSOR bug check has a value of 0x0000005D. This indicates that the computer is attempting to run Windows on an unsupported processor. Parameters None Cause Windows requires a higher-grade processor than the one you are using. Bug Check 0x5E: OBJECT_INITIALIZATION_FAILED The OBJECT_INITIALIZATION_FAILED bug check has a value of 0x0000005E. This bug check appears very infrequently. Bug Check 0x5F: SECURITY_INITIALIZATION_FAILED The SECURITY_INITIALIZATION_FAILED bug check has a value of 0x0000005F. This bug check appears very infrequently. Bug Check 0x60: PROCESS_INITIALIZATION_FAILED The PROCESS_INITIALIZATION_FAILED bug check has a value of 0x00000060. This bug check appears very infrequently. Bug Check 0x61: HAL1_INITIALIZATION_FAILED The HAL1_INITIALIZATION_FAILED bug check has a value of 0x00000061. This bug check appears very infrequently. Bug Check 0x62: OBJECT1_INITIALIZATION_FAILED The OBJECT1_INITIALIZATION_FAILED bug check has a value of 0x00000062. This bug check appears very infrequently. Bug Check 0x63: SECURITY1_INITIALIZATION_FAILED The SECURITY1_INITIALIZATION_FAILED bug check has a value of 0x00000063. This bug check appears very infrequently. Bug Check 0x64: SYMBOLIC_INITIALIZATION_FAILED The SYMBOLIC_INITIALIZATION_FAILED bug check has a value of 0x00000064. This bug check appears very infrequently. Bug Check 0x65: MEMORY1_INITIALIZATION_FAILED The MEMORY1_INITIALIZATION_FAILED bug check has a value of 0x00000065. This bug check appears very infrequently. Bug Check 0x66: CACHE_INITIALIZATION_FAILED The CACHE_INITIALIZATION_FAILED bug check has a value of 0x00000066. This bug check appears very infrequently. Bug Check 0x67: CONFIG_INITIALIZATION_FAILED The CONFIG_INITIALIZATION_FAILED bug check has a value of 0x00000067. This bug check indicates that the registry configuration failed. Parameters The following parameters appear on the blue screen. Parameter Description 1 Reserved 2 The location selector 3 The NT status code 4 Reserved Cause The registry could not allocate the pool that it needed to contain the registry files. This situation should never occur, because the register allocates this pool early enough in system initialization so that plenty of paged pool should be available. Bug Check 0x68: FILE_INITIALIZATION_FAILED The FILE_INITIALIZATION_FAILED bug check has a value of 0x00000068. This bug check appears very infrequently. Bug Check 0x69: IO1_INITIALIZATION_FAILED The IO1_INITIALIZATION_FAILED bug check has a value of 0x00000069. This bug check indicates that the initialization of the I/O system failed for some reason. Parameters None Cause There is very little information available to analyze this error. Most likely, the setup routine has improperly installed the system, or a user has reconfigured the system. Bug Check 0x6A: LPC_INITIALIZATION_FAILED The LPC_INITIALIZATION_FAILED bug check has a value of 0x0000006A. This bug check appears very infrequently. Bug Check 0x6B: PROCESS1_INITIALIZATION_FAILED The PROCESS1_INITIALIZATION_FAILED bug check has a value of 0x0000006B. This bug check indicates that the initialization of the Microsoft Windows operating system failed. Parameters The following parameters appear on the blue screen. Parameter Description 1 The NT status code that caused the failure 2 Reserved 3 Reserved 4 Reserved Cause Any part of the disk subsystem can cause the PROCESS1_INITIALIZATION_FAILED bug check, including bad disks, bad or incorrect cables, mixing different ATA-type devices on the same chain, or drives that are not available becuase of hardware regeneration. This bug check can also be caused by a missing file from the boot partition or by a driver file that a user accidentally disabled in the Drivers tab. Bug Check 0x6C: REFMON_INITIALIZATION_FAILED The REFMON_INITIALIZATION_FAILED bug check has a value of 0x0000006C. This bug check appears very infrequently. Bug Check 0x6D: SESSION1_INITIALIZATION_FAILED The SESSION1_INITIALIZATION_FAILED bug check has a value of 0x0000006D. This bug check indicates that the initialization of the Microsoft Windows operating system failed. Parameters The following parameters appear on the blue screen. Parameter Description 1 The NT status code that caused the initialization failure 2 0 3 0 4 0 Bug Check 0x6E: SESSION2_INITIALIZATION_FAILED The SESSION2_INITIALIZATION_FAILED bug check has a value of 0x0000006E. This bug check indicates that the initialization of the Microsoft Windows operating system failed. Parameters The following parameters appear on the blue screen. Parameter Description 1 The NT status code that caused the Windows operating system to conclude that initialization failed 2 0 3 0 4 0 Bug Check 0x6F: SESSION3_INITIALIZATION_FAILED The SESSION3_INITIALIZATION_FAILED bug check has a value of 0x0000006F. This bug check indicates that the initialization of the Microsoft Windows operating system failed. Parameters The following parameters appear on the blue screen. Parameter Description 1 The NT status code that caused the Windows operating system to conclude that initialization failed 2 0 3 0 4 0 Bug Check 0x70: SESSION4_INITIALIZATION_FAILED The SESSION4_INITIALIZATION_FAILED bug check has a value of 0x00000070. This bug check indicates that the initialization of the Microsoft Windows operating system failed. Parameters The following parameters appear on the blue screen. Parameter Description 1 The NT status code that caused the Windows operating system to conclude that initialization failed 2 0 3 0 4 0 Bug Check 0x71: SESSION5_INITIALIZATION_FAILED The SESSION5_INITIALIZATION_FAILED bug check has a value of 0x00000071. This bug check indicates that the initialization of the Microsoft Windows operating system failed. Parameters The following parameters appear on the blue screen. Parameter Description 1 The NT status code that caused the Windows operating system to conclude that initialization failed 2 0 3 0 4 0 Bug Check 0x72: ASSIGN_DRIVE_LETTERS_FAILED The ASSIGN_DRIVE_LETTERS_FAILED bug check has a value of 0x00000072. This bug check appears very infrequently. Bug Check 0x73: CONFIG_LIST_FAILED The CONFIG_LIST_FAILED bug check has a value of 0x00000073. This bug check indicates that one of the top-level registry keys, also known as core system hives, cannot be linked in the registry tree. Parameters The following parameters appear on the blue screen. Parameter Description 1 1 2 The NT status code that led the Windows operating system to assume that it failed to load the hive 3 The index of the hive in the hive list 4 A pointer to a UNICODE_STRING structure that contains the file name of the hive Cause The registry hive that cannot be linked might be SAM, SECURITY, SOFTWARE, or DEFAULT. The hive is valid, because it was loaded successfully. Examine Parameter 2 to see why the hive could not be linked in the registry tree. One common cause of this error is that the Windows operating system is out of disk space on the system drive. (In this situation, this parameter is 0xC000017D, STATUS_NO_LOG_SPACE.) Another common problem is that an attempt to allocate pool has failed. (In this situation, Parameter 2 is 0xC000009A, STATUS_INSUFFICIENT_RESOURCES.) You must investigate other status codes. Bug Check 0x74: BAD_SYSTEM_CONFIG_INFO The BAD_SYSTEM_CONFIG_INFO bug check has a value of 0x00000074. This bug check indicates that there is an error in the registry. Parameters The following parameters appear on the blue screen. Parameter Description 1 Reserved 2 Reserved 3 Reserved 4 The NT status code (if it is available) Cause The BAD_SYSTEM_CONFIG_INFO bug check occurs if the SYSTEM hive is corrupt. However, this corruption is unlikely, because the boot loader, known as NT Loader (NTLDR) in versions of Windows prior to Vista, checks a hive for corruption when it loads the hive. This bug check can also occur if some critical registry keys and values are missing. Thee keys and values might be missing if a user manually edited the registry. Resolution Try restarting the computer by selecting "last known good configuration" in the boot options. If the restart does not fix the problem, the registry damage is too extensive. You must reinstall the OS or use the Emergency Repair Disk (ERD) that you previously created by using the Windows Backup tool. Bug Check 0x75: CANNOT_WRITE_CONFIGURATION The CANNOT_WRITE_CONFIGURATION bug check has a value of 0x00000075. This bug check indicates that the SYSTEM registry hive file cannot be converted to a mapped file. Parameters The following parameters appear on the blue screen. Parameter Description 1 1 2 The NT status code that led the Windows operating system to assume that it had failed to convert the hive 3 Reserved 4 Reserved Cause The CANNOT_WRITE_CONFIGURATION bug check typically occurs if the system is out of pool and the Windows operating system cannot reopen the hive. This bug check should almost never occur, because the conversion of the hive file occurs early enough during system initialization so that enough pool should be available. Bug Check 0x76: PROCESS_HAS_LOCKED_PAGES The PROCESS_HAS_LOCKED_PAGES bug check has a value of 0x00000076. This bug check indicates that a driver failed to release locked pages after an I/O operation, or that it attempted to unlock pages that were already unlocked. Parameters The following parameters appear on the blue screen. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of error 0x00 The pointer to the process object The number of locked pages The pointer to driver stacks (if they are enabled). Otherwise, this parameter is zero. The process being terminated has locked memory pages. The driver must unlock any memory that it might have locked in a process, before the process terminates. 0x01 MDL specified by the driver Current number of locked memory pages in that process A pointer to driver stacks for that process (if they are enabled). Otherwise, this parameter is zero. The driver is attempting to unlock process memory pages that are not locked. Cause The driver either failed to unlock pages that it locked (parameter 1 value is 0x0), or the driver is attempting to unlock pages that have not been locked or that have already been unlocked (parameter 1 value is 0x1). Resolution If the parameter 1 value is 0x0 First use the !search extension on the current process pointer throughout all of physical memory. This extension might find at least one memory descriptor list (MDL) that points to the current process. Next, use !search on each MDL that you find to obtain the I/O request packet (IRP) that points to the current process. From this IRP, you can identify which driver is leaking the pages. Otherwise, you can detect which driver caused the error by editing the registry: In the \\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management registry key, create or edit the TrackLockedPages value, and then set it equal to DWORD 1. Restart the computer. The system then saves stack traces, so you can easily identify the driver that caused the problem. If the driver causes the same error again, bug check 0xCB (DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS) is issued, and the name of the driver that causes this error is displayed on the blue screen and stored in memory at the location (PUNICODE_STRING) KiBugCheckDriver. If the parameter 1 value is 0x1 Examine the driver source code that locks and unlocks memory, and try to locate an instance where memory is unlocked without first being locked. Bug Check 0x77: KERNEL_STACK_INPAGE_ERROR The KERNEL_STACK_INPAGE_ERROR bug check has a value of 0x00000077. This bug check indicates that the requested page of kernel data from the paging file could not be read into memory. Parameters The four parameters that listed in the message have two possible meanings. If the first parameter is 0, 1, or 2, the parameters have the following meaning. Parameter Description 1 0: The page of kernel data was retrieved from page cache. 1: The page was retrieved from a disk. 2: The page was retrieved from a disk, the storage stack returned SUCCESS, but Status.Information is not equal to PAGE_SIZE. 2 The value that appears in the stack where the signature should be. 3 0 4 The address of the signature on the kernel stack If the first parameter is any value other than 0, 1, or 2, the parameters have the following meaning. Parameter Description 1 The status code 2 The I/O status code 3 The page file number 4 The offset into page file Cause If the first parameter is 0 or 1, the stack signature in the kernel stack was not found. This error is probably caused by defective hardware, such as a RAM error. If the first parameter is 2, the driver stack returned an inconsistent status for the read of the page. For example, the driver stack returned a success status even though it did not read the whole page. If the first parameter is any value other than 0, 1, or 2, the value of the first parameter is an NTSTATUS error code that the driver stack returns after it tries to retrieve the page of kernel data. You can determine the exact cause of this error from the I/O status code (the second parameter). Some common status codes include the following: 0xC000009A, or STATUS_INSUFFICIENT_RESOURCES, indicates a lack of nonpaged pool resources. This status code indicates a driver error in the storage stack. (The storage stack should always be able to retrieve this data, regardless of software resource availability.) 0xC000009C, or STATUS_DEVICE_DATA_ERROR, indicates bad blocks (sectors) on the hard disk. 0xC000009D, or STATUS_DEVICE_NOT_CONNECTED, indicates defective or loose cabling, termination, or that the controller does not see the hard disk drive. 0xC000016A, or STATUS_DISK_OPERATION_FAILED, indicates bad blocks (sectors) on the hard disk. 0xC0000185, or STATUS_IO_DEVICE_ERROR, indicates improper termination or defective cabling on SCSI devices or that two devices are trying to use the same IRQ. These status codes are the most common ones that have specific causes. For more information about other possible status codes that might be returned, see the Ntstatus.h file in the Microsoft Windows Driver Kit (WDK). A virus infection can also cause this bug check. Resolution Resolving a bad block problem: If you can restart the computer after the error, Autochk runs automatically and attempts to map the bad sector to prevent it from being used anymore. If Autochk does not scan the hard disk for errors, you can manually start the disk scanner. Run Chkdsk /f /r on the system partition. You must restart the computer before the disk scan begins. If you cannot start the system because the error, use the Recovery Console and run Chkdsk /r. Warning If your system partition is formatted with the FAT file system, the long file names that the Windows operating system uses might be damaged if you use Scandisk or another MS-DOS-based hard disk tool to verify the integrity of your hard disk drive from MS-DOS. Always use the version of Chkdsk that matches your version of the Windows operating system. Resolving a defective hardware problem: If the I/O status is 0xC0000185 and the paging file is on an SCSI disk, check the disk cabling and SCSI termination for problems. Resolving a failing RAM problem: Run the hardware diagnostics that the system manufacturer supplies, especially the memory scanner. For more information about these procedures, see the owner's manual for your computer. Check that all the adapter cards in the computer are properly seated. Use an ink eraser or an electrical contact treatment, available at electronics supply stores, to ensure adapter card contacts are clean. Check the System Log in Event Viewer for additional error messages that might help identify the device that is causing the error. You can also disable memory caching of the BIOS to try to resolve this error. Make sure that the latest Windows Service Pack is installed. If the preceding steps fail to resolve the error, take the system motherboard to a repair facility for diagnostic testing. A crack, a scratched trace, or a defective component on the motherboard can cause this error. Resolving a virus infection: Check your computer for viruses by using any up-to-date, commercial virus scanning software that examines the Master Boot Record of the hard disk. All Windows file systems can be infected by viruses. See also Bug Check 0x7A (KERNEL_DATA_INPAGE_ERROR) Bug Check 0x78: PHASE0_EXCEPTION The PHASE0_EXCEPTION bug check has a value of 0x00000078. This bug check occurs when an unexpected break is encountered during HAL initialization. This break can occur if you have set the /break parameter in your boot settings but have not enabled kernel debugging. Bug Check 0x79: MISMATCHED_HAL The MISMATCHED_HAL bug check has a value of 0x00000079. This bug check indicates that the Hardware Abstraction Layer (HAL) revision level or configuration does not match that of the kernel or the computer. Parameters The following parameters appear on the blue screen. Parameter 1 indicates the type of mismatch. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause. 0x1 The major processor control block (PRCB) level of Ntoskrnl.exe. The major PRCB level of Hal.dll. Reserved The PRCB release levels are mismatched. (Something is out of date.) 0x2 The build type of Ntoskrnl.exe. The build type of Hal.dll. Reserved The build types are mismatched. 0x3 The size of the loader parameter extension. The major version of the loader parameter extension. The minor version of the loader parameter extension. The loader (ntldr) and HAL versions are mismatched. When Parameter 1 equals 0x2, the following build type codes are used: 0: Multiprocessor-enabled free build 1: Multiprocessor-enabled checked build 2: Single-processor free build 3: Single-processor checked build Cause The MISMATCHED_HAL bug check often occurs when a user manually updates Ntoskrnl.exe or Hal.dll. The error can also indicate that one of those two files is out of date. For example, the HAL might be designed for Microsoft Windows 2000 and the kernel is designed for Windows XP. Or the computer might erroneously have a multiprocessor HAL and a single-processor kernel installed, or vice versa. The Ntoskrnl.exe kernel file is for single-processor systems and Ntkrnlmp.exe is for multiprocessor systems. However, these file names correspond to the files on the installation media.After you have installed the Windows operating system, the file is renamed to Ntoskrnl.exe, regardless of the source file that is used. The HAL file also uses the name Hal.dll after installation, but there are several possible HAL files on the installation media. For more information, see "Installing the Checked Build" in the Windows Driver Kit (WDK). Resolution Restart the computer by using the product CD or the Windows Setup disks. At the Welcome screen, press F10 to start the Recovery Console. Use the Copy command to copy the correct HAL or kernel file from the original CD into the appropriate folder on the hard disk. The Copy command detects whether the file that you are copying is in the Microsoft compressed file format. If so, it automatically expands the file that is copied on the target drive. Bug Check 0x7A: KERNEL_DATA_INPAGE_ERROR The KERNEL_DATA_INPAGE_ERROR bug check has a value of 0x0000007A. This bug check indicates that the requested page of kernel data from the paging file could not be read into memory. Parameters The four parameters that are listed in the message can have three possible meanings. If the first parameter is 1 or 2, or 3 and the third parameter is 0, the parameters have the following definitions. Parameter Description 1 The lock type that was held (1, 2, or 3) 2 The error status (usually an I/O status code) 3 If Lock Type is 1: the current process If Lock Type is 2 or 3: 0 4 The virtual address that could not be paged into memory If the first parameter is 3 (and the third parameter is nonzero) or 4, the parameters have the following definitions. Parameter Description 1 The lock type that was held (3 or 4) 2 The error status (typically an I/O status code) 3 The address of the InPageSupport structure 4 The faulting address Otherwise, the parameters have the following definitions. Parameter Description 1 The address of the page table entry (PTE) 2 The error status (usually an I/O status code) 3 The PTE contents 4 The faulting address Cause Frequently, you can determine the cause of the KERNEL_DATA_INPAGE_ERROR bug check from the error status (Parameter 2). Some common status codes include the following: 0xC000009A, or STATUS_INSUFFICIENT_RESOURCES, indicates a lack of nonpaged pool resources. 0xC000009C, or STATUS_DEVICE_DATA_ERROR, typically indicates bad blocks (sectors) on the hard disk. 0xC000009D, or STATUS_DEVICE_NOT_CONNECTED, indicates defective or loose cabling, termination, or that the controller does not see the hard disk. 0xC000016A, or STATUS_DISK_OPERATION_FAILED, indicates bad blocks (sectors) on the hard disk. 0xC0000185, or STATUS_IO_DEVICE_ERROR, indicates improper termination or defective cabling on SCSI devices or that two devices are trying to use the same IRQ. These status codes are the most common ones that have specific causes. For more information about other possible status codes that can be returned, see the Ntstatus.h file in the Microsoft Windows Driver Kit (WDK). Another common cause of this error message is defective hardware or failing RAM. A virus infection can also cause this bug check. Resolution Resolving a bad block problem: An I/O status code of 0xC000009C or 0xC000016A typically indicates that the data could not be read from the disk because of a bad block (sector). If you can restart the computer after the error, Autochk runs automatically and attempts to map the bad sector to prevent it from being used anymore. If Autochk does not scan the hard disk for errors, you can manually start the disk scanner. Run Chkdsk /f /r on the system partition. You must restart the computer before the disk scan begins. If you cannot start the computer because of the error, use the Recovery Console and run Chkdsk /r. Warning If your system partition is formatted with the FAT file system, the long file names that the Windows operating system uses might be damaged if you use Scandisk or another MS-DOS-based hard disk tool to verify the integrity of your hard disk from MS-DOS. Always use the version of Chkdsk that matches your version of Windows. Resolving a defective hardware problem: If the I/O status is C0000185 and the paging file is on an SCSI disk, check the disk cabling and SCSI termination for problems. Resolving a failing RAM problem: Run the hardware diagnostics that the system manufacturer supplies, especially the memory scanner. For more information about these procedures, see the owner's manual for your computer. Check that all the adapter cards in the computer are properly seated. Use an ink eraser or an electrical contact treatment, available at electronics supply stores, to ensure adapter card contacts are clean. Check the System Log in Event Viewer for additional error messages that might help identify the device that is causing the error. You can also disable memory caching of the BIOS to try to resolve this error. Make sure that the latest Windows Service Pack is installed. If the preceding steps do not resolve the error, take the system motherboard to a repair facility for diagnostic testing. A crack, a scratched trace, or a defective component on the motherboard can cause this error. Resolving a virus infection: Check your computer for viruses by using any up-to-date, commercial virus scanning software that examines the Master Boot Record of the hard disk. All Windows file systems can be infected by viruses. See also Bug Check 0x77 (KERNEL_STACK_INPAGE_ERROR) Bug Check 0x7B: INACCESSIBLE_BOOT_DEVICE The INACCESSIBLE_BOOT_DEVICE bug check has a value of 0x0000007B. This bug check indicates that the Microsoft Windows operating system has lost access to the system partition during startup. Parameters The following parameters appear in the message. Parameter Description 1 The address of a UNICODE_STRING structure, or the address of the device object that could not be mounted 2 0 3 0 4 0 To determine the meaning of Parameter 1, look at the data that it points to. If the first word (USHORT) at this address is even, Parameter 1 is the beginning of a Unicode string. If the first word (USHORT) at this address is 0x3, Parameter 1 is the first field (Type) of a device object. If this parameter points to a device object, the file system that was supposed to read the boot device failed to initialize or simply did not recognize the data on the boot device as a file system structure. In this situation, the specified device object is the object that could not be mounted. If this parameter points to a Unicode string, you must read the first 8 bytes at this address. These bytes form the UNICODE_STRING structure, which is defined as follows: USHORT Length; USHORT MaximumLength; PWSTR Buffer; The Length field gives the actual length of the string. The Buffer field points to the beginning of the string (Buffer is always be at least 0x80000000.) The actual string contains the Advanced RISC Computing (ARC) specification name of the device that the boot was being attempted from. ARC names are a generic way to identify devices in the ARC environment. Cause The INACCESSIBLE_BOOT_DEVICE bug check frequently occurs because of a boot device failure. During I/O system initialization, the boot device driver might have failed to initialize the boot device (typically a hard disk). File system initialization might have failed because it did not recognize the data on the boot device. Also, repartitioning the system partition or installing a new SCSI adapter or disk controller might induce this error. This error can also occur because of incompatible disk hardware. If the error occurred at the initial setup of the system, the system might have been installed on an unsupported disk or SCSI controller. Some controllers are supported only by drivers that are in the Windows Driver Library (WDL). (These drivers require the user to do a custom installation.) Resolution This error always occurs while the system is starting. This error frequently occurs before the debugger connection is established, so debugging can be difficult or impossible. Resolving a failed boot device problem: If a boot device is at fault, you must edit the boot options. Resolving an incompatible disk hardware problem: If Setup autodetects the controller, you might have to skip detection and use a specific manufacturer's disk to load the driver. Also, check the availability of updates for the system BIOS and SCSI controller firmware. Updates of this kind are typically available on the Web site or BBS of the hardware manufacturer. Remove any recently added hardware, especially hard disk drives or controllers, to see if the error is resolved. If the problematic hardware is a hard disk drive, the disk firmware version might be incompatible with your version of the Windows operating system. Contact the manufacturer for updates. If you removed another piece of hardware and the error is resolved, IRQ or I/O port conflicts likely exist. Reconfigure the new device according to the manufacturer's instructions. Confirm that all hard disk drivers, hard disk controllers, and SCSI adapters are compatible with the installed version of Windows. For example, you can get information about compatibility with Windows 7 at the Windows 7 Compatibility Center. If you recently added a driver, restart your computer, and press F8 at the character-based menu that displays the operating system choices. In the Advanced Options menu, select the Last Known Good Configuration option. This option is most effective when you add only one driver or service at a time. In addition, check your computer for viruses by using any up-to-date, commercial virus scanning software that examines the Master Boot Record of the hard disk. All Windows file systems can be infected by viruses. This error can also occur because of hard disk corruption. Run Chkdsk /f /r on the system partition. You must restart the computer before the disk scan begins. If you cannot start the computer because of the error, use the Recovery Console and run Chkdsk /r. If you cannot start the system in the last known good configuration, you should try to start off the Windows CD. Then, you can run Chkdsk from the Repair Console. Warning If your system partition is formatted with the FAT file system, the long file names that the Windows operating system uses might be damaged if you use Scandisk or another MS-DOS-based hard disk tool to verify the integrity of your hard disk drive from MS-DOS. Always use the version of Chkdsk that matches your version of Windows. If your system has SCSI adapters, contact the adapter manufacturer to obtain updated Windows drivers. Try disabling sync negotiation in the SCSI BIOS, checking the cabling and the SCSI IDs of each device, and confirming proper termination. For IDE devices, define the onboard IDE port as Primary only. Also check each IDE device for the proper master/subordinate/stand alone setting. Try removing all IDE devices except for hard disks. Finally, check the System Log in Event Viewer for additional error messages that might help identify the device or driver that is causing the error. To analyze this error: Run an lm (List Loaded Modules) command in the debugger. Verify that the following drivers were loaded: disk, classpnp, ftdisk, partmgr, and FAT or NTFS. kd> lm start end module name 80001000 80016000 hal (deferred) 80016000 80018c40 bootvid (deferred) 80019000 8001dfc0 pciidex (deferred) 8001e000 8001ff60 dmload (deferred) 80086000 80086980 pciide (deferred) 802c1000 802cc000 pci (deferred) 802cc000 802d39a0 isapnp (deferred) 802d4000 802ed000 ftdisk (deferred) 802ed000 802f3820 mountmgr (deferred) 802f4000 802fad40 fdc (deferred) 802fb000 802fdc20 partmgr (deferred) 802fe000 802fef00 wmilib (deferred) 8039b000 803b8000 dmio (deferred) 803b8000 803cb000 atapi (deferred) 803cb000 803d1560 disk (deferred) 803d2000 803d8e80 classpnp (deferred) 803d9000 803fa000 fastfat (deferred) 80400000 80540000 nt (pdb symbols) \\localsymbols\symbols\exe\ntoskrnl.dbg 80540000 80546f20 ksecdd (deferred) 80547000 80554620 cnss (deferred) 80555000 80579000 ndis (deferred) You probably have pci or isapnp loaded. Also make sure your controller drivers are loaded. That is, make sure Atapi.sys is loaded with the channel drivers (pciide and pciidex or intelid) or scsiport.sys is loaded with the appropriate miniport driver. It is helpful to know as much as possible about the boot device that Windows is installed on. For example, you can investigate the following items: Find out what type of controller the boot device is connected to (SCSI, IDE, 1394, etc). Find the manufacturer of non-IDE controllers (Adaptec, Symbios, and so on). Note the SCSI ID of the boot device if you are using SCSI. Indicate if other devices are attached to the same controller that the boot device is on (CD-ROM drives, zip drives, and so on). Note the file system that is used on the drive. The !devnode extension gives you more information, if you know what your boot devices are. Typically Plug and Play cannot assign resources to the boot device. You can verify this restriction by finding an entry for the service. If the status flags include DNF_INSUFFICIENT_RESOURCES or do not include DNF_STARTED or DNF_ENUMERATED, you have found the problem. Try !devnode 0 1 scsi or !devnode 0 1 atapi to save some time instead of dumping the whole device tree. Bug Check 0x7C: BUGCODE_NDIS_DRIVER The BUGCODE_NDIS_DRIVER bug check has a value of 0x0000007C. This bug check indicates that a problem occurred with an NDIS driver. Parameters The following parameters appear on the blue screen. Parameter 1 indicates the type of violation. The meaning of the other parameters depends on the value of Parameter 1. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 0x01 The address of the miniport block The number of bytes that are requested The current IRQL A driver called NdisMAllocateSharedMemory at a raised IRQL. 0x02 The address of the miniport block The shared memory page that was corrupted The address of NDIS_WRAPPER_CONTEXT that keeps track of the driver's shared memory allocations During a call to NdisMAllocateSharedMemory, NDIS detected that a previously-allocated shared memory page had been corrupted. 0x03 The address of the miniport block The page that contains the shared memory The virtual address of the shared memory A driver called NdisMFreeSharedMemory[Async] with a shared memory pointer that had already been freed. 0x04 The address of NDIS_M_DRIVER_BLOCK The address of DRIVER_OBJECT 0 AddDevice was called with a driver that is not on the list of drivers that are registered with NDIS. (Enabled only on special instrumented NDIS.) 0x05 0x06 The address of the miniport block The address of the packet descriptor that the driver uses The address of the packet array that contained this packet descriptor An Ethernet driver indicated that it received a packet by using a packet descriptor that the protocol stack is currently using. 0x07 The address of the miniport block The address of the packet descriptor that the driver uses The address of the packet array that contained this packet descriptor An FDDI driver indicated that it received a packet by using a packet descriptor that the protocol stack is currently using. 0x08 The address of the miniport block The address of NDIS_MINIPORT_INTERRUPT 0 A miniport driver did not deregister its interrupt during the halt process. 0x09 The address of the miniport block The address of the miniport driver's timer queue (NDIS_MINIPORT_TIMER) 0 A miniport driver stopped without successfully canceling all its timers. 0x0A The address of NDIS_M_DRIVER_BLOCK The address of DRIVER_OBJECT The reference count for the miniport driver A miniport driver is getting unloaded prematurely. 0x0B The address of the miniport block The address of NDIS_MINIPORT_INTERRUPT 0 A miniport driver failed its initialization without deregistering its interrupt. 0x0C The address of the miniport block The address of the miniport driver's timer queue (NDIS_MINIPORT_TIMER) 0 A miniport driver failed its initialization without successfully canceling all its timers. 0x0D The address of the miniport block The address of NDIS_MINIPORT_INTERRUPT 0 A miniport driver did not deregister its interrupt during the halt process. (The halt was called from the initialize routine after the miniport driver returned success from its initialize handler.) 0x0E The address of the miniport block The address of the miniport driver's timer queue (NDIS_MINIPORT_TIMER) 0 A miniport driver stopped without successfully canceling all its timers. (The halt was called from the initialize routine after the miniport driver returned success from its initialize handler.) 0x0F The address of the miniport block The reset status AddressingReset (BOOLEAN) A miniport driver called NdisMResetComplete without any pending reset request. 0x10 The address of the miniport block The address of NDIS_MINIPORT_INTERRUPT 0 After resuming from a low-power state, a miniport driver failed its initialization without deregistering its interrupt. 0x11 The address of the miniport block The address of the miniport driver's timer queue (NDIS_MINIPORT_TIMER) 0 After resuming from a low-power state, a miniport driver failed its initialization without successfully canceling all its timers. 0x12 The address of the miniport block The address of the packet descriptor that the driver uses The address of the packet array that contained this packet descriptor A miniport driver indicated that it received a packet by using a packet descriptor that the protocol stack is currently using. 0x13 The address of the miniport block The address of the packet descriptor that the driver uses The address of the packet array that contained this packet descriptor A Token-Ring miniport driver indicated that it received a packet by using a packet descriptor that the protocol stack currently uses. 0x14 The current IRQL value 0 0 An NDIS driver called NdisWaitEvent at IRQL > PASSIVE_LEVEL. The function must be called at IRQL = PASSIVE_LEVEL. 0x15 The address of the miniport block 0 0 An NDIS 6 miniport driver was calling an NDIS 5 API. An NDIS 6 miniport driver cannot call NdisMQueryInformationComplete or NdisMSetInformationComplete. 0x16 The address of the protocol block The address of the context area that is allocated by the protocol driver The address of the open block NDIS encountered an invalid handle in a binding operation. A protocol driver's ProtocolBindAdapterEx function returned NDIS_STATUS_SUCCESS, either directly or asynchronously through NdisCompleteBindAdapterEx. However, the binding context information contains an invalid handle to a block that indicates the open state of the miniport adapter. In this case, the open handle is not NULL, but it cannot be referenced. 0x17 The address of the interface provider block 0 0 The NDIS driver was attempting to deregister as a network interface provider while an interface was still registered. 0x1B Windows 8.1 Preview and later The IfIndex of the higher layer The IfIndex of the lower layer Reserved A driver attempted to add a circular binding to the ifStackTable. This could be caused by incorrect use of NdisIfAddIfStackEntry or corruption of the stack table stored in the registry. 0x1C Windows 8.1 Preview and later Handle to the miniport adapter. Use !ndiskd.miniport. The OID reqeust object ID (example: OID_RECEIVE_FILTER_CLEAR_FILTER) The status code (NDIS_STATUS_XXX) with which the OID request was completed The miniport driver illegally failed an OID request that must not be failed. Certain types of OIDs must not be failed, or else memory leaks or system instability will result. 0x1D Windows 8.1 Preview and later Handle to the miniport adapter or filter module. Use !ndiskd.miniport or !ndiskd.filter. Pointer to the NDIS_OID_REQUEST that was completed illegally Reserved A miniport adapter or filter module completed an OID request with an illegal buffer size. The OID request was completed with BytesWritten > InformationBufferLength, which indicates a buffer overflow. 0x1E Windows 8.1 Preview and later Reserved Internal handle. Use !ndiskd.ndisref. Debug tag of the imbalanced reference count NDIS attempted to dereference a value more times than it was referenced. This can be caused by misusing NDIS APIs (for example, calling NdisFreeIoWorkItem twice on the same work item), or it can be caused by an internal issue in NDIS. Two of these bug checks are likely to be related if Parameter 4 is the same, and likely to be unrelated if Parameter 4 is different. Cause Parameter 1 indicates the specific cause of the BUGCODE_NDIS_DRIVER bug check. If one of the bug check parameters specifies the address of the miniport block, you can obtain more information by using !ndiskd.miniport together with this address. If one of the bug check parameters specifies the address of the packet descriptor that the driver uses, you can obtain more information by using !ndiskd.pkt together with this address. Remarks This bug check code occurs only on Microsoft Windows Server 2003 and later versions of Windows. In Windows 2000 and Windows XP, the corresponding code is bug check 0xD2 (BUGCODE_ID_DRIVER). Bug Check 0x7D: INSTALL_MORE_MEMORY The INSTALL_MORE_MEMORY bug check has a value of 0x0000007D. This bug check indicates that there is not enough memory to start up the Microsoft Windows operating system. Parameters The following parameters appear on the blue screen. Parameter Description 1 The number of physical pages that are found 2 The lowest physical page 3 The highest physical page 4 0 Cause The Windows operating system does not have sufficient memory to complete the startup process. Resolution Install more memory. Bug Check 0x7E: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED The SYSTEM_THREAD_EXCEPTION_NOT_HANDLED bug check has a value of 0x0000007E. This bug check indicates that a system thread generated an exception that the error handler did not catch. Parameters The following parameters appear on the blue screen. Parameter Description 1 The exception code that was not handled 2 The address where the exception occurred 3 The address of the exception record 4 The address of the context record Cause The SYSTEM_THREAD_EXCEPTION_NOT_HANDLED bug check is a very common bug check. To interpret it, you must identify which exception was generated. Common exception codes include the following: 0x80000002: STATUS_DATATYPE_MISALIGNMENT indicates an unaligned data reference was encountered. 0x80000003: STATUS_BREAKPOINT indicates a breakpoint or ASSERT was encountered when no kernel debugger was attached to the system. 0xC0000005: STATUS_ACCESS_VIOLATION indicates a memory access violation occurred. For a complete list of exception codes, see the Ntstatus.h file that is located in the inc directory of the Microsoft Windows Driver Kit (WDK). Resolution If you are not equipped to debug this problem, you should use some basic troubleshooting techniques. Make sure you have enough disk space. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters. Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you plan to debug this problem, you might find it difficult to obtain a stack trace. Parameter 2 (the exception address) should identify the driver or function that caused this problem. If exception code 0x80000003 occurs, a hard-coded breakpoint or assertion was hit, but the system was started with the /NODEBUG switch. This problem should rarely occur. If it occurs repeatedly, make sure that a kernel debugger is connected and the system is started with the /DEBUG switch. If exception code 0x80000002 occurs, the trap frame supplies additional information. If you do not know the specific cause of the exception, consider the following issues: Hardware incompatibility. Make sure that any new hardware that is installed is compatible with the installed version of Windows. For example, you can get information about compatibility with Windows 7 at the Windows 7 Compatibility Center. Faulty device driver or system service. A faulty device driver or system service might be responsible for this error. Hardware issues, such as BIOS incompatibilities, memory conflicts, and IRQ conflicts can also generate this error. If a driver is listed by name within the bug check message, disable or remove that driver. Disable or remove any drivers or services that were recently added. If the error occurs during the startup sequence and the system partition is formatted with NTFS file system, you might be able to use Safe Mode to rename or delete the faulty driver. If the driver is used as part of the system startup process in Safe Mode, you must start the computer by using the Recovery Console to access the file. If the problem is associated with Win32k.sys, the source of the error might be a third-party remote control program. If such software is installed, you can remove the service by starting the computer by using the Recovery Console and then deleting the offending system service file. Check the System Log in Event Viewer for additional error messages that might help identify the device or driver that is causing bug check 0x7E. You can also disable memory caching of the BIOS might to try to resolve the error. You should also run hardware diagnostics, especially the memory scanner, that the system manufacturer supplies. For more information about these procedures, see the owner's manual for your computer. The error that generates this message can occur after the first restart during Windows Setup, or after Setup is finished. A possible cause of the error is lack of disk space for installation and system BIOS incompatibilities. For problems during Windows installation that are associated with lack of disk space, reduce the number of files on the target hard disk drive. Check for and delete any temporary files that you do not have to have, Internet cache files, application backup files, and .chk files that contain saved file fragments from disk scans. You can also use another hard disk drive with more free space for the installation. You can resolve BIOS problems by upgrading the system BIOS version. Bug Check 0x7F: UNEXPECTED_KERNEL_MODE_TRAP The UNEXPECTED_KERNEL_MODE_TRAP bug check has a value of 0x0000007F. This bug check indicates that the Intel CPU generated a trap and the kernel failed to catch this trap. This trap could be a bound trap (a trap the kernel is not permitted to catch) or a double fault (a fault that occurred while processing an earlier fault, which always results in a system failure). Parameters The first parameter that appears on the blue screen specifies the trap number. The most common trap codes include the following: 0x00000000, or Divide by Zero Error, indicates that a DIV instruction is executed and the divisor is zero. Memory corruption, other hardware problems, or software failures can cause this error. 0x00000004, or Overflow, occurs when the processor executes a call to an interrupt handler when the overflow (OF) flag is set. 0x00000005, or Bounds Check Fault, indicates that the processor, while executing a BOUND instruction, finds that the operand exceeds the specified limits. A BOUND instruction ensures that a signed array index is within a certain range. 0x00000006, or Invalid Opcode, indicates that the processor tries to execute an invalid instruction. This error typically occurs when the instruction pointer has become corrupted and is pointing to the wrong location. The most common cause of this error is hardware memory corruption. 0x00000008, or Double Fault, indicates that an exception occurs during a call to the handler for a prior exception. Typically, the two exceptions are handled serially. However, there are several exceptions that cannot be handled serially, and in this situation the processor signals a double fault. There are two common causes of a double fault: A kernel stack overflow. This overflow occurs when a guard page is hit, and the kernel tries to push a trap frame. Because there is no stack left, a stack overflow results, causing the double fault. If you think this overview has occurred, use !thread to determine the stack limits, and then use kb (Display Stack Backtrace) with a large parameter (for example, kb 100) to display the full stack. A hardware problem. The less-common trap codes include the following: 0x00000001 -- A system-debugger call 0x00000003 -- A debugger breakpoint 0x00000007 -- A hardware coprocessor instruction with no coprocessor present 0x0000000A -- A corrupted Task State Segment 0x0000000B -- An access to a memory segment that was not present 0x0000000C -- An access to memory beyond the limits of a stack 0x0000000D -- An exception not covered by some other exception; a protection fault that pertains to access violations for applications For other trap numbers, see an Intel architecture manual. Cause Bug check 0x7F typically occurs after you install a faulty or mismatched hardware (especially memory) or if installed hardware fails. A double fault can occur when the kernel stack overflows. This overflow occurs if multiple drivers are attached to the same stack. For example, if two file system filter drivers are attached to the same stack and then the file system recurses back in, the stack overflows. Resolution Debugging: Always begin with the !analyze extension. If this extension is not sufficient, use the kv (Display Stack Backtrace) debugger command. If kv shows a taskGate, use the .tss (Display Task State Segment) command on the part before the colon. If kv shows a trap frame, use the .trap (Display Trap Frame) command to format the frame. Otherwise, use the .trap (Display Trap Frame) command on the appropriate frame. (On x86-based platforms, this frame is associated with the procedure NT!KiTrap.) After using one of these commands, use kv again to display the new stack. Troubleshooting: If you recently added hardware to the computer, remove it to see if the error recurs. If existing hardware has failed, remove or replace the faulty component. Run hardware diagnostics that the system manufacturer supplies to determine which hardware component failed. The memory scanner is especially important. Faulty or mismatched memory can cause this bug check. For more informaiton about these procedures, see the owner's manual for your computer. Check that all adapter cards in the computer are properly seated. Use an ink eraser or an electrical contact treatment, available at electronics supply stores, to ensure adapter card contacts are clean. If the error appears on a newly installed system, check the availability of updates for the BIOS, the SCSI controller, or network cards. These kind of updates are typically available on the Web site or BBS of the hardware manufacturer. Confirm that all hard disk drives, hard disk controllers, and SCSI adapters are compatible with the installed version of Windows. For example, you can get information about compatibility with Windows 7 at the Windows 7 Compatibility Center. If the error occurred after the installation of a new or updated device driver, you should remove or replace the driver. If, under this circumstance, the error occurs during the startup sequence and the system partition is formatted with NTFS, you might be able to use Safe Mode to rename or delete the faulty driver. If the driver is used as part of the system startup process in Safe Mode, you have to start the computer by using the Recovery Console in order to access the file. Also restart your computer, and then press F8 at the character-based menu that displays the operating system choices. At the Advanced Options menu, select the Last Known Good Configuration option. This option is most effective when you add only one driver or service at a time. Overclocking (setting the CPU to run at speeds above the rated specification) can cause this error. If you have overclocked the computer that is experiencing the error, return the CPU to the default clock speed setting. Check the System Log in Event Viewer for additional error messages that might help identify the device or driver that is causing the error. You can also disable memory caching of the BIOS to try to resolve the problem. If you encountered this error while upgrading to a new version of the Windows operating system, the error might be caused by a device driver, a system service, a virus scanner, or a backup tool that is incompatible with the new version. If possible, remove all third-party device drivers and system services and disable any virus scanners before you upgrade. Contact the software manufacturer to obtain updates of these tools. Also make sure that you have installed the latest Windows Service Pack. Finally, if all the above steps do not resolve the error, take the system motherboard to a repair facility for diagnostic testing. A crack, a scratched trace, or a defective component on the motherboard can also cause this error.
 Bug Check 0x80: NMI_HARDWARE_FAILURE The NMI_HARDWARE_FAILURE bug check has a value of 0x00000080. This bug check indicates that a hardware malfunction has occurred. Parameters None Cause A variety of hardware malfunctions can cause the NMI_HARDWARE_FAILURE bug check. The exact cause is difficult to determine. Resolution Remove any hardware or drivers that have been recently installed. Make sure that all memory modules are of the same type.
 Bug Check 0x81: SPIN_LOCK_INIT_FAILURE The SPIN_LOCK_INIT_FAILURE bug check has a value of 0x00000081. This bug check appears very infrequently. Bug Check 0x82: DFS_FILE_SYSTEM The DFS_FILE_SYSTEM bug check has a value of 0x00000082. This bug check appears very infrequently. Bug Check 0x85: SETUP_FAILURE The SETUP_FAILURE bug check has a value of 0x00000085. This bug check indicates that a fatal error occurred during setup. Parameters The following parameters appear on the blue screen. Parameter 1 indicates the type of violation. Parameter 4 is not used. The meaning of the other parameters depends on the value of Parameter 1. Parameter 1 Parameter 2 Parameter 3 Cause 0x0 0 0 The OEM HAL font is not a valid .fon format file, so setup cannot display text. This cause indicates that Vgaxxx.fon on the boot floppy or CD is damaged. 0x1 The precise video initialization failure: 0:NtCreateFile of \device\video0 1: IOCTL_VIDEO_QUERY_NUM_AVAIL_MODES 2: IOCTL_VIDEO_QUERY_AVAIL_MODES 3: The desired video mode is not supported. This value indicates an internal setup error. 4: IOCTL_VIDEO_SET_CURRENT_MODE (unable to set video mode) 5: IOCTL_VIDEO_MAP_VIDEO_MEMORY 6: IOCTL_VIDEO_LOAD_AND_SET_FONT The status code from the NT API call, if appropriate Video initialization failed. This failure might indicate that the disk that contains Vga.sys (or another video driver that is appropriate to the computer) is damaged or that the computer has video hardware that the Microsoft Windows operating system cannot communicate with. 0x2 0 0 Out of memory. 0x3 The precise keyboard initialization failure: 0:NtCreateFile of \device\KeyboardClass0 failed. (Setup did not find a keyboard connected to the computer.) 1: Unable to load keyboard layout DLL. (Setup could not load the keyboard layout file. This failure indicates that the CD or floppy disk is missing a file, such as Kbdus.dll for the U.S. release or another layout DLL for localized releases.) 0 Keyboard initialization failed. This failure might indicate that the disk that contains the keyboard driver (I8042prt.sys or Kbdclass.sys) is damaged or that the computer has keyboard hardware that Windows cannot communicate with. This failure might also mean that the keyboard layout DLL could not be loaded. 0x4 0 0 Setup could not resolve the ARC device path name of the device that setup was started from. This error is an internal setup error. 0x5 Reserved Reserved Partitioning sanity check failed. This error indicates a bug in a disk driver. Bug Check 0x8B: MBR_CHECKSUM_MISMATCH The MBR_CHECKSUM_MISMATCH bug check has a value of 0x0000008B. This bug check indicates that a mismatch has occurred in the MBR checksum. Parameters The following parameters appear on the blue screen. Parameter Description 1 The disk signature from MBR 2 The MBR checksum that the OS Loader calculates 3 The MBR checksum that the system calculates 4 Reserved Cause The MBR_CHECKSUM_MISMATCH bug check occurs during the boot process when the MBR checksum that the Microsoft Windows operating system calculates does not match the checksum that the loader passes in. This error typically indicates a virus. Resolution There are many forms of viruses and not all can be detected. Typically, the newer viruses usually can be detected only by a virus scanner that has recently been upgraded. You should boot with a write-protected disk that contains a virus scanner and try to clean out the infection. Bug Check 0x8E: KERNEL_MODE_EXCEPTION_NOT_HANDLED The KERNEL_MODE_EXCEPTION_NOT_HANDLED bug check has a value of 0x0000008E. This bug check indicates that a kernel-mode application generated an exception that the error handler did not catch. Parameters The following parameters appear on the blue screen. Parameter Description 1 The exception code that was not handled 2 The address where the exception occurred 3 The trap frame 4 Reserved Cause The KERNEL_MODE_EXCEPTION_NOT_HANDLED bug check is a very common bug check. To interpret it, you must identify which exception was generated. Common exception codes include the following: 0x80000002: STATUS_DATATYPE_MISALIGNMENT indicates that an unaligned data reference was encountered. 0x80000003: STATUS_BREAKPOINT indicates that a breakpoint or ASSERT was encountered when no kernel debugger was attached to the system. 0xC0000005: STATUS_ACCESS_VIOLATION indicates that a memory access violation occurred. For a complete list of exception codes, see the Ntstatus.h file that is located in the inc directory of the Microsoft Windows Driver Kit (WDK). Resolution If you are not equipped to debug this problem, you should use some basic troubleshooting techniques: Make sure you have enough disk space. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters. Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you plan to debug this problem, you might find it difficult to obtain a stack trace. Parameter 2 (the exception address) should identify the driver or function that caused this problem. If exception code 0x80000003 occurs, a hard-coded breakpoint or assertion was hit, but the computer was started with the /NODEBUG switch. This problem should rarely occur. If it occurs repeatedly, make sure that a kernel debugger is connected and that the computer is started with the /DEBUG switch. If exception code 0x80000002 occurs, the trap frame supplies additional information. If you do not know the specific cause of the exception, consider the following items: Hardware incompatibility. Make sure that any new hardware that is installed is compatible with the installed version of Windows. For example, you can get information about compatibility with Windows 7 at the Windows 7 Compatibility Center. Faulty device driver or system service. A faulty device driver or system service might be responsible for this error. Hardware issues, such as BIOS incompatibilities, memory conflicts, and IRQ conflicts can also generate this error. If the bug check message lists a driver by name , disable or remove that driver. Also, disable or remove any drivers or services that were recently added. If the error occurs during the startup sequence and the system partition is formatted with NTFS file system, you might be able to use Safe Mode to rename or delete the faulty driver. If the driver is used as part of the system startup process in Safe Mode, you have to start the computer by using the Recovery Console to access the file. If the problem is associated with Win32k.sys, the source of the error might be a third-party remote control program. If such software is installed, you can remove the service by starting the system by using the Recovery Console and then deleting the offending system service file. Check the System Log in Event Viewer for additional error messages that might help identify the device or driver that is causing bug check 0x1E. You can disable memory caching of the BIOS to try to resolve the error. You should also run hardware diagnostics, especially the memory scanner, that the system manufacturer supplies. For more information about these procedures, see the owner's manual for your computer. The error that generates this message can occur after the first restart during Windows Setup, or after Setup is finished. A possible cause of the error is lack of disk space for installation and system BIOS incompatibilities. For problems during Windows installation that are associated with lack of disk space, reduce the number of files on the target hard disk drive. Check for and delete any temporary files that you do not have to have, Internet cache files, application backup files, and .chk files that contain saved file fragments from disk scans. You can also use another hard disk drive with more free space for the installation. You can resolve BIOS problems by upgrading the system BIOS version. Bug Check 0x8F: PP0_INITIALIZATION_FAILED The PP0_INITIALIZATION_FAILED bug check has a value of 0x0000008F. This bug check indicates that the Plug and Play (PnP) manager could not be initialized. Parameters None Cause An error occurred during Phase 0 initialization of the kernel-mode PnP manager. Bug Check 0x90: PP1_INITIALIZATION_FAILED The PP1_INITIALIZATION_FAILED bug check has a value of 0x00000090. This bug check indicates that the Plug and Play (PnP) manager could not be initialized. Parameters None Cause An error occurred during Phase 1 initialization of the kernel-mode PnP manager. Phase 1 is where most of the initialization is done, including setting up the registry files and other environment settings for drivers to call during the subsequent I/O initialization. Bug Check 0x92: UP_DRIVER_ON_MP_SYSTEM The UP_DRIVER_ON_MP_SYSTEM bug check has a value of 0x00000092. This bug check indicates that a uniprocessor-only driver has been loaded on a multiprocessor system. Parameters The following parameters appear on the blue screen. Parameter Description 1 The base address of the driver 2 Reserved 3 Reserved 4 Reserved Cause A driver that is compiled to work only on uniprocessor machines has been loaded, but the Microsoft Windows operating system is running on a multiprocessor system with more than one active processor. Bug Check 0x93: INVALID_KERNEL_HANDLE The INVALID_KERNEL_HANDLE bug check has a value of 0x00000093. This bug check indicates that an invalid or protected handle was passed to NtClose. Parameters The following parameters appear on the blue screen. Parameter Description 1 The handle that is passed to NtClose 2 0: The caller tried to close a protected handle 1: The caller tried to close an invalid handle 3 Reserved 4 Reserved Cause The INVALID_KERNEL_HANDLE bug check indicates that some kernel code (for example, a server, redirector, or another driver) tried to close an invalid handle or a protected handle.
 Bug Check 0x94: KERNEL_STACK_LOCKED_AT_EXIT The KERNEL_STACK_LOCKED_AT_EXIT bug check has a value of 0x00000094. This bug check indicates that a thread exited while its kernel stack was marked as not swappable Parameters None Bug Check 0x96: INVALID_WORK_QUEUE_ITEM The INVALID_WORK_QUEUE_ITEM bug check has a value of 0x00000096. This bug check indicates that a queue entry was removed that contained a NULL pointer. Parameters The following parameters appear on the blue screen. Parameter Description 1 The address of the queue entry whose flink or blink field is NULL. 2 The address of the queue that is being referenced. Typically, this queue is an ExWorkerQueue. 3 The base address of the ExWorkerQueue array. (This address helps you determine if the queue in question is indeed an ExWorkerQueue. If the queue is an ExWorkerQueue, the offset from this parameter will isolate the queue.) 4 Assuming the queue is an ExWorkerQueue, this value is the address of the worker routine that would have been called if the work item had been valid. (You can use this address to isolate the driver that is misusing the work queue.) Cause The INVALID_WORK_QUEUE_ITEM bug check occurs when KeRemoveQueue removes a queue entry whose flink or blink field is NULL. Any queue misuse can cause this error. But typically this error occurs because worker thread work items are misused. An entry on a queue can be inserted on the list only one time. When an item is removed from a queue, its flink field is set to NULL. Then, when this item is removed the second time, this bug check occurs. In most situations, the queue that is being referenced is an ExWorkerQueue (executive worker queue). To help identify the driver that caused the error, Parameter 4 displays the address of the worker routine that would have been called if this work item had been valid. However, if the queue that is being referenced is not an ExWorkerQueue, this parameter is not useful.
 Bug Check 0x97: BOUND_IMAGE_UNSUPPORTED The BOUND_IMAGE_UNSUPPORTED bug check has a value of 0x00000097. This bug check appears very infrequently.
 Bug Check 0x98: END_OF_NT_EVALUATION_PERIOD The END_OF_NT_EVALUATION_PERIOD bug check has a value of 0x00000098. This bug check indicates that the trial period for the Microsoft Windows operating system has ended. Parameters The following parameters appear on the blue screen. Parameter Description 1 The low-order 32 bits of the product expiration date 2 The high-order 32 bits of the product expiration date 3 Reserved 4 Reserved Cause Your installation of the Windows operating system is an evaluation unit with an expiration date. The trial period is over. Bug Check 0x99: INVALID_REGION_OR_SEGMENT The INVALID_REGION_OR_SEGMENT bug check has a value of 0x00000099. This bug check indicates that ExInitializeRegion or ExInterlockedExtendRegion was called with an invalid set of parameters. Parameters None Bug Check 0x9A: SYSTEM_LICENSE_VIOLATION The SYSTEM_LICENSE_VIOLATION bug check has a value of 0x0000009A. This bug check indicates that the software license agreement has been violated. Parameters The following parameters appear on the blue screen. Parameter 1 indicates the type of violation. The meaning of the other parameters depends on the value of Parameter 1. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause 0x00 0: The product should be WinNT 1: The product should be LanmanNT or ServerNT A partial serial number The first two characters of the product type from the product options Offline product type changes have been attempted. 0x01 The registered evaluation time from source 1 A partial serial number The registered evaluation time from an alternate source Offline changes to the Microsoft Windows evaluation unit time period have been attempted. 0x02 The status code that is associated with the open failure 0 0 The setup key could not be opened. 0x03 The status code that is associated with the key lookup failure 0 0 The SetupType or SetupInProgress value from the setup key is missing, so setup mode could not be detected. 0x04 The status code that is associated with the key lookup failure 0 0 The SystemPrefix value from the setup key is missing. 0x05 (See the setup code) An invalid value was found in licensed processors The officially licensed number of processors Offline changes to the number of licensed processors have been attempted. 0x06 The status code that is associated with the open failure 0 0 The ProductOptions key could not be opened. 0x07 The status code that is associated with the read failure 0 0 The ProductType value could not be read. 0x08 The status code that is associated with the Change Notify failure 0 0 Change Notify on ProductOptions failed. 0x09 The status code that is associated with the Change Notify failure 0 0 Change Notify on SystemPrefix failed. 0x0A 0 0 0 An NTW system was converted to an NTS system. 0x0B The status code that is associated with the change failure 0 0 The reference of the setup key failed. 0x0C The status code that is associated with the change failure 0 0 The reference of the product options key failed. 0x0D The status code that is associated with the failure 0 0 The attempt to open ProductOptions in the worker thread failed. 0x0F The status code that is associated with the failure 0 0 The attempt to open the setup key failed. 0x10 The status code that is associated with the failure 0: set value failed 1: Change Notify failed 0 A failure occurred in the setup key worker thread. 0x11 The status code that is associated with the failure 0: set value failed 1: Change Notify failed 0 A failure occurred in the product options key worker thread. 0x12 The status code that is associated with the failure 0 0 Unable to open the LicenseInfoSuites key for the suite. 0x13 The status code that is associated with the failure 0 0 Unable to query the LicenseInfoSuites key for the suite. 0x14 The size of the memory allocation 0 0 Unable to allocate memory. 0x15 The status code that is associated with the failure Reserved 0 Unable to reset the ConcurrentLimit value for the suite key. 0x16 The status code that is associated with the failure 0 0 Unable to open the license key for a suite product. 0x17 The status code that is associated with the failure 0 0 Unable to reset the ConcurrentLimit value for a suite product. 0x18 The status code that is associated with the open failure Reserved 0 Unable to start the Change Notify for the LicenseInfoSuites. 0x19 0 0 0 A suite is running on a system that must be PDC. 0x1A The status code that is associated with the failure 0 0 A failure occurred when enumerating the suites. 0x1B 0 0 0 Changes to the policy cache were attempted. Cause The Microsoft Windows operating system detects a violation of the software license agreement. A user might have tried to change the product type of an offline system or change the trial period of an evaluation unit of Windows. For more information about the specific violation, see the parameter list. Bug Check 0x9B: UDFS_FILE_SYSTEM The UDFS_FILE_SYSTEM bug check has a value of 0x0000009B. This bug check indicates that a problem occurred in the UDF file system. Parameters The following parameters appear on the blue screen. Parameter Description 1 The source file and line number information. The high 16 bits (the first four hexadecimal digits after the "0x") identify the source file by its identifier number. The low 16 bits identify the source line in the file where the bug check occurred. 2 If UdfExceptionFilter is on the stack, this parameter specifies the address of the exception record. 3 If UdfExceptionFilter is on the stack, this parameter specifies the address of the context record. 4 Reserved. Cause The UDFS_FILE_SYSTEM bug check might be caused disk corruption. Corruption in the file system or bad blocks (sectors) on the disk can induce this error. Corrupted SCSI and IDE drivers can also adversely affect the system's ability to read and write to the disk and cause the error. This bug check might also occur if nonpaged pool memory is full. If the nonpaged pool memory is full, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver that requires nonpaged pool memory can also trigger this error. Resolution To debug this problem: Use the .cxr (Display Context Record) command with Parameter 3, and then use kb (Display Stack Backtrace). To resolve a disk corruption problem: Check Event Viewer for error messages from SCSI and FASTFAT (System Log) or Autochk (Application Log) that might help identify the device or driver that is causing the error. Disable any virus scanners, backup application, or disk defragmenter tools that continually monitor the system. You should also run hardware diagnostics that the system manufacturer supplies. For more information about these procedures, see the owner's manual for your computer. Run Chkdsk /f /r to detect and resolve any file system structural corruption. You must restart the system before the disk scan begins on a system partition. To resolve a nonpaged pool memory depletion problem: Add new physical memory to the computer. This memory increases the quantity of nonpaged pool memory that is available to the kernel. Bug Check 0x9C: MACHINE_CHECK_EXCEPTION The MACHINE_CHECK_EXCEPTION bug check has a value of 0x0000009C. This bug check indicates that a fatal machine check exception has occurred. Parameters The four parameters that are listed in the message have different meanings, depending on the processor type. If the processor is based on an older x86-based architecture and has the Machine Check Exception (MCE) feature but not the Machine Check Architecture (MCA) feature (for example, the Intel Pentium processor), the parameters have the following meaning. Parameter Description 1 The low 32 bits of P5_MC_TYPE Machine Service Report (MSR) 2 The address of the MCA_EXCEPTION structure 3 The high 32 bits of P5_MC_ADDR MSR 4 The low 32 bits of P5_MC_ADDR MSR If the processor is based on a newer x86-based architecture and has the MCA feature and the MCE feature (for example, any Intel Processor of family 6 or higher, such as Pentium Pro, Pentium IV, or Xeon), or if the processor is an x64-based processor, the parameters have the following meaning. Parameter Description 1 The bank number 2 The address of the MCA_EXCEPTION structure 3 The high 32 bits of MCi_STATUS MSR for the MCA bank that had the error 4 The low 32 bits of MCi_STATUS MSR for the MCA bank that had the error On an Itanium-based processor, the parameters have the following meaning. Note Parameter 1 indicates the type of violation. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause 0x1 The address of the log The size of the log 0 0x2 The address of the log The size of the log The error code The system abstraction layer (SAL) returned an error for SAL_GET_STATEINFO while processing MCA. 0x3 The address of the log The size of the log The error code SAL returned an error for SAL_CLEAR_STATEINFO while it processed MCA. 0x4 The address of the log The size of the log 0 Firmware (FW) reported a fatal MCA. 0x5 The address of the log The size of the log 0 There are two possible causes: SAL reported a recoverable MCA, but this recovery is not currently supported. SAL generated an MCA but could not produce an error record. 0xB The address of the log The size of the log 0 0xC The address of the log The size of the log The error code SAL returned an error for SAL_GET_STATEINFO while processing an INIT event. 0xD The address of the log The size of the log The error code SAL returned an error for SAL_CLEAR_STATEINFO while it processed an INIT event. 0xE The address of the log The size of the log 0 Remarks In Windows Vista and later operating systems, this bug check occurs only in the following circumstances. WHEA is not fully initialized. All processors that rendezvous have no errors in their registers. For other circumstances, this bug check has been replaced with bug Check 0x124: WHEA_UNCORRECTABLE_ERROR in Windows Vista and later operating systems. For more information about Machine Check Architecture (MCA), see the Intel or AMD Web sites. Bug Check 0x9E: USER_MODE_HEALTH_MONITOR The USER_MODE_HEALTH_MONITOR bug check has a value of 0x0000009E. This bug check indicates that one or more critical user-mode components failed to satisfy a health check. Parameters The following parameters appear on the blue screen. Parameter Description 1 The process that failed to satisfy a health check in the configured time-out 2 The health monitoring time-out, in seconds 3 Reserved 4 Reserved Cause Hardware mechanisms, such as watchdog timers, can detect that basic kernel services are not executing. However, resource starvation issues (including memory leaks, lock contention, and scheduling priority misconfiguration) can block critical user-mode components without blocking deferred procedure calls (DPCs) or draining the non-paged pool. Kernel components can extend watchdog timer functionality to user mode by periodically monitoring critical applications. This bug check indicates that a user-mode health check failed in a way that prevents graceful shutdown. This bug check restores critical services by restarting or enabling application failover to other servers. On the Microsoft Windows Server 2003, Enterprise Edition, Windows Server 2003, Datacenter Edition, and Windows 2000 with Service Pack 4 (SP4) operating systems, a user-mode hang can also cause this bug check. The bug check occurs in this situation only if the user has set HangRecoveryAction to a value of 3. Bug Check 0x9F: DRIVER_POWER_STATE_FAILURE The DRIVER_POWER_STATE_FAILURE bug check has a value of 0x0000009F. This bug check indicates that the driver is in an inconsistent or invalid power state. Parameters The following parameters appear on the blue screen. Parameter 1 indicates the type of violation. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause 0x1 The device object Reserved Reserved The device object that is being freed still has an outstanding power request that it has not completed. 0x2 The target device's device object, if it is available The device object The driver object, if it is available The device object completed the I/O request packet (IRP) for the system power state request, but it did not call PoStartNextPowerIrp. 0x3 (Microsoft Windows 2000 only) A pointer to the target device object A pointer to the device object The IRP The device driver did not correctly set the IRP as "pending" or complete the IRP. 0x3 (Windows XP and later) The physical device object (PDO) of the stack The functional device object (FDO) of the stack. In Windows 7 and later, this parameter is reserved. The blocked IRP A device object has been blocking an IRP for too long a time. 0x4 (Windows Vista and later) Time-out value, in seconds. The thread currently holding onto the Plug-and-Play (PnP) lock. Reserved The power state transition timed out waiting to synchronize with the PnP subsystem. 0x100 (Windows 2000 only) A pointer to the nonpaged device object A pointer to the target device object A pointer to the device object to notify The device objects in the devnode inconsistently used DO_POWER_PAGABLE. 0x101 (Windows 2000 only) The child device object (FDO) The child device object (PDO) The parent device object A parent device object has detected that a child device has not set the DO_POWER_PAGABLE bit. 0x500 (Windows XP and Windows Server 2003 only) Reserved The target device's device object, if available Device object The device object completed the IRP for the system power state request, but it did not call PoStartNextPowerIrp. Cause For a description of the possible causes, see the description of each code in the Parameters section. The errors that cause Parameter 1 to be 0x3, 0x100, or 0x101 only occur in Windows 2000. In Windows XP and later versions of Windows, these errors are superseded by Driver Verifier tests. For more information about Driver Verifier, see the Driver Verifier section of the Windows Driver Kit. Bug Check 0xA0: INTERNAL_POWER_ERROR The INTERNAL_POWER_ERROR bug check has a value of 0x000000A0. This bug check indicates that the power policy manager experienced a fatal error. Parameters The following parameters appear on the blue screen. Parameter 1 indicates the type of violation. The meaning of the other parameters depends on the value of Parameter 1. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause 0x1 1: A device has overrun its maximum number of reference counts. 2, 3, or 4: (Windows Server 2003, Windows XP, and Windows 2000 only) Too many inrush power IRPs have been queued. 5: (Windows Server 2003, Windows XP, and Windows 2000 only) The power IRP has been sent to a passive level device object. 6: The system has failed to allocate a necessary power IRP. If Parameter 2 has a value of 1, the maximum number of references allowed. If Parameter 2 has a value of 2, 3, or 4, the maximum number of pending IRPs allowed. If Parameter 2 has a value of 6, the target device object. If Parameter 2 has value of 6, indicates whether this is a system (0x0) or device (0x1) power IRP. An error occurred during the handling of the power I/O request packet (IRP). 0x2 Reserved Reserved Reserved An internal failure has occurred while attempting to process a power event. For more information, see Debugging bug check 0xA0 when parameter 1 equals 0x2. 0x3 The expected checksum The actual checksum The line number of the failure The checksum for a hibernation context page does not match its expected checksum. 0x4 The expected checksum The actual checksum The line number of the failure The checksum for a page about to be written to the hibernation file does not match its expected checksum. 0x5 Reserved Reserved Reserved An unknown shutdown code has been sent to the system shutdown handler. 0x7 Reserved Reserved Reserved An unhandled exception has occurred. For more information, see Debugging bug check 0xA0 when parameter 1 equals 0x7. 0x8 This parameter is always set to 0x100. The device object POWER_CHANNEL_SUMMARY A fatal error occurred while processing a system power event. 0x9 Status code Mirroring phase Reserved A fatal error occured while preparing the hibernate file. 0xA 0: A bug check was requested immediately upon resuming. 1: A bug check was requested during resume after all non-pageable devices had been powered on. 2: A bug check was requested during resume after all devices had been powered on. Reserved Reserved A bug check was requested when waking for debugging purposes. 0xB Size of the hibernation file. Hibernation progress before running out of space 0: HIBERFILE_PROGRESS_FREE_MAP 1: HIBERFILE_PROGRESS_RESUME_CONTEXT 2: HIBERFILE_PROGRESS_PROCESSOR_STATEE 3: HIBERFILE_PROGRESS_MEMORY_RANGES 4: HIBERFILE_PROGRESS_TABLE_PAGES 5: HIBERFILE_PROGRESS_MEMORY_IMAGE Size of the remaining memory ranges. The hibernation file is too small. 0xC Status code Dump stack context Reserved The dump stack failed to initialize. 0x101 Reserved Exception pointer. Reserved An unhandled exception occured while processing a system power event. For more information, see Debugging bug check 0xA0 when parameter 1 equals 0x101. 0x102 Reserved DUMP_INITIALIZATION_CONTEXT POP_HIBER_CONTEXT The hibernation working buffer size is not page aligned. 0x103 Reserved POP_HIBER_CONTEXT Reserved All working pages have failed to be accounted for during the hibernation process. 0x104 Reserved POP_HIBER_CONTEXT Reserved An attempt was made to map internal hibernation memory while the internal memory structures were locked. 0x105 Reserved POP_HIBER_CONTEXT Reserved An attempt was made to map internal hibernation memory with an unsupported memory type flag. 0x106 Reserved The memory descriptor list (MDL) Reserved A memory descriptor list was created during the hibernation process which describes memory that is not paged-aligned. 0x107 Reserved POP_HIBER_CONTEXT PO_MEMORY_RANGE_ARRAY A data mismatch has occurred in the internal hibernation data structures. 0x108 Reserved POP_HIBER_CONTEXT Reserved The disk subsystem failed to properly write part of the hibernation file. 0x109 Reserved Expected checksum Actual checksum The checksum for the processor state data does not match its expected checksum. 0x10A Reserved POP_HIBER_CONTEXT NTSTATUS The disk subsystem failed to properly read or write part of the hibernation file. 0x10B Reserved Current hibernation progress Reserved An attempt was made to mark pages for the boot phase of hibernation at the wrong time using the PoSetHiberRange API. 0x10C Reserved Flags provided to the API Length to mark The PoSetHiberRange API was called with invalid parameters. 0x200 Reserved DEVICE_OBJECT DEVICE_OBJECT_POWER_EXTENSION An unknown device type is being checked for an idle state. 0x300 Reserved DEVICE_OBJECT IRP An unknown status was returned from a battery power IRP. 0x301 Reserved DEVICE_OBJECT IRP The battery has entered an unknown state. 0x400 Reserved IO_STACK_LOCATION DEVICE_OBJECT A device has overrun its maximum number of reference counts. 0x401 Reserved Pending IRP list DEVICE_OBJECT Too many inrush power IRPs have been queued. 0x402 Reserved Pending IRP list DEVICE_OBJECT Too many inrush power IRPs have been queued. 0x403 Reserved Pending IRP list DEVICE_OBJECT Too many inrush power IRPs have been queued. 0x404 Reserved IO_STACK_LOCATION DEVICE_OBJECT A power IRP has been sent to a passive-level device object. 0x500 Reserved IRP DEVICE_OBJECT An unknown status was returned from a thermal power IRP. 0x600 DEVICE_OBJECT PDO Reserved Reserved A driver has attempted a duplicate registration with the Power Runtime Framework. 0x601 POP_FX_DEVICE device PEP_DEVICE_REGISTER PEP Reserved No Power Engine Plugins accepted device registration. 0x602 DEVICE_NODE device node Sleep count Reserved Device node sleep count does not match its activation count. 0x603 POP_FX_PLUGIN Work request type Reserved A Power Engine Plugin made an invalid work request. 0x605 Notification ID POP_FX_PLUGIN Reserved A Power Engine Plugin failed to accept mandatory device power management notification. 0x606 POP_FX_COMPONENT POP_FX_COMPONENT_FLAGS New condition for the component A Power Engine Plugin attempted to transition a critical system resource component to an Active (or Idle) condition when the resource was already Active (or Idle). 0x607 POP_FX_DEVICE NTSTATUS Reserved The acquisition of a runtime power management framework device-removal lock failed when it was required to succeed. 0x608 POP_FX_COMPONENT POP_FX_COMPONENT_FLAGS Reserved A driver has attempted to transition a component to idle without a preceding active request. 0x609 POP_FX_PLUGIN POP_FX_DEVICE Duplicate Request Type 0: DevicePowerRequired 1: DevicePowerNotRequired A Power Engine Plugin has requested either device power required or device power not required without an intervening request of the opposite type. 0x610 POP_FX_PLUGIN POP_FX_DEVICE Reserved A Power Engine Plugin has requested device power not required while a previous device power required request is outstanding. 0x611 POP_FX_PLUGIN POP_FX_DEVICE Invalid component index A Power Engine Plugin has requested an operation on an invalid component. 0x612 POP_FX_PLUGIN PowerEnginePlugin Reserved Reserved A Power Engine Plugin has requested additional work to be done in the context of a device notification where no buffer was supplied by PO for the request. 0x613 POP_FX_DEVICE Component index Operation 0: Complete device power not required 1: Report device powered on 2: Complete idle condition A driver has attempted to complete a request when no such outstanding request is pending. 0x614 POP_FX_DEVICE Component index Illegal parameter 0: PO_FX_FLAG_BLOCKING used at IRQL >= DISPATCH_LEVEL 1: PO_FX_FLAG_BLOCKING and PO_FX_FLAG_ASYNC_ONLY both specified 2: Invalid component index A driver has requested an active/idle transition on a component with an illegal parameter. 0x615 POP_FX_PLUGIN POP_FX_COMPONENT Illegal Action 0: Component not in idle state 0 1:Component is already active 2: No outstanding activation request 3: Outstanding idle state transition A Power Engine Plugin has illegally indicated the completion of a component activation. 0x616 POP_FX_PLUGIN POP_FX_COMPONENT Illegal Action 0: Invalid idle state 1: Component is already in the requested state 2: Requested a non-zero idle state without passing through idle state 0 A Power Engine Plugin has illegally requested a component idle state transition. 0x666 PPOP_PEP_ACTIVITY New activity type 0: DevicePowerOn 1: ComponentIdleStateChange 2: ComponentActivating 3: ComponentActive 4: DevicePowerOff 5: DeviceSuspend Conflicting activity type 0: DevicePowerOn 1: ComponentIdleStateChange 2: ComponentActivating 3: ComponentActive 4: DevicePowerOff 5: DeviceSuspend The default Power Engine Plugin has attempted to trigger a new activity that conflicts with another activity. 0x667 POP_PEP_ACTIVITY Activity type 0: DevicePowerOn 1: ComponentIdleStateChange 2: ComponentActivating 3: ComponentActive 4: DevicePowerOff 5: DeviceSuspend POP_PEP_ACTIVITY_STATUS Default Power Engine Plugin has attempted to complete an activity that is not running. 0x700 PEPHANDLE PEP_PPM_IDLE_SELECT Reserved A Power Engine Plugin has specified invalid processor idle dependencies. 0x701 The index of the selected idle state of the hung processor The PRCB address of the hung processor The index of the hung processor A processor was not able to complete an idle transition within the allocated interval. This indicates the specified processor is hung. 0x702 The index of the selected idle state of the processor The idle synchronization state of the processor The PRCB address of the hung processor A processor woke up from a non-interruptible state without the the OS initiating an explicit wake through the PEP (using the necessary PPM idle synchronization). Resolution General Notes In the preceding table, several of the parameters are pointers to structures. For example, if Parameter 2 is listed as DEVICE_OBJECT, then Parameter 2 is a pointer to a DEVICE_OBJECT structure. Some of the structures are defined in wdm.h, which is included in the Windows Driver Kit. For example, the following structures are defined in wdm.h. EXCEPTION_POINTERS DEVICE_OBJECT IO_STACK_LOCATION PEP_DEVICE_REGISTER Some of the structures that appear in the preceding table are not defined in any public header file. You can see the definitions of those structures by using the dt debugger command. The following example shows how to use the dt command to see the DEVICE_OBJECT_POWER_EXTENSION structure. 3: kd> dt nt!DEVICE_OBJECT_POWER_EXTENSION +0x000 IdleCount : Uint4B +0x004 BusyCount : Uint4B +0x008 BusyReference : Uint4B +0x00c TotalBusyCount : Uint4B +0x010 ConservationIdleTime : Uint4B +0x014 PerformanceIdleTime : Uint4B +0x018 DeviceObject : Ptr64 _DEVICE_OBJECT +0x020 IdleList : _LIST_ENTRY +0x030 IdleType : _POP_DEVICE_IDLE_TYPE +0x034 IdleState : _DEVICE_POWER_STATE +0x038 CurrentState : _DEVICE_POWER_STATE +0x040 Volume : _LIST_ENTRY +0x050 Specific : The following procedures will help you debug certain instances of this bug check. Debugging bug check 0xA0 when Parameter 1 equals 0x2 Examine the stack. Look for the ntoskrnl!PopExceptionFilter function. This function contains the following code as its first argument. (error_code << 16) | _LINE_ If the caller is PopExceptionFilter, the first argument to this function is of type PEXCEPTION_POINTERS. Note the value of this argument. Use the dt (Display Type) command and specify the value that you found in the previous step as argument. dt nt!_EXCEPTION_POINTERS argument This command displays the structure. Note the address of the context record. Use the .cxr (Display Context Record) command and specify the context record that you found in the previous step as record. .cxr record This command sets the register context to the proper value. Use a variety of commands to analyze the source of the error. Start with kb (Display Stack Backtrace) . Debugging bug check 0xA0 when Parameter 1 equals 0x7 Examine the stack. Look for the ntoskrnl!PopExceptionFilter function. The first argument to this function is of type PEXCEPTION_POINTERS. Note the value of this argument. Use the dt (Display Type) command and specify the value that you found in the previous step as argument. dt nt!_EXCEPTION_POINTERS argument This command displays the structure. Note the address of the context record. Use the .cxr (Display Context Record) command and specify the context record that you found in the previous step as record. .cxr record This command sets the register context to the proper value. Use a variety of commands to analyze the source of the error. Start with kb (Display Stack Backtrace) . Debugging bug check 0xA0 when Parameter 1 equals 0x101 Use the dt (Display Type) command and specify the value of Parameter 3 as argument. dt nt!_EXCEPTION_POINTERS argument This command displays the structure. Note the address of the context record. Use the .cxr (Display Context Record) command and specify the context record that you found the previous step as record. .cxr record This command sets the register context to the proper value. Use a variety of commands to analyze the source of the error. Start with kb (Display Stack Backtrace) . Bug Check 0xA1: PCI_BUS_DRIVER_INTERNAL The PCI_BUS_DRIVER_INTERNAL bug check has a value of 0x000000A1. This bug check indicates that the PCI Bus driver detected inconsistency problems in its internal structures and could not continue. Parameters None 
 Bug Check 0xA2: MEMORY_IMAGE_CORRUPT The MEMORY_IMAGE_CORRUPT bug check has a value of 0x000000A2. This bug check indicates that corruption has been detected in the image of an executable file in memory. Parameters The following parameters appear on the blue screen. Parameter 1 indicates the type of violation. The meaning of the other parameters depends on the value of Parameter 1. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause 0x02 If Parameter 3 is zero: The page number in the table page that failed If Parameter 3 is nonzero: The page number with the failing page run index Zero, or the index that failed to match the run 0 A table page check failure occurred. 0x03 The starting physical page number of the range The length (in pages) of the range The page number of the table page that contains this run The checksum for the range of memory listed is incorrect. Cause A cyclic redundancy check (CRC) check on the memory range has failed. On a system wake operation, various regions of memory might be checked to guard against memory failures. Bug Check 0xA3: ACPI_DRIVER_INTERNAL The ACPI_DRIVER_INTERNAL bug check has a value of 0x000000A3. This bug check indicates that the ACPI driver detected an internal inconsistency. Parameters The following parameters appear on the blue screen. Parameter Description 1 Reserved 2 Reserved 3 Reserved 4 Reserved Cause An inconsistency in the ACPI driver is so severe that continuing to run would cause serious problems. One possible source of this problem is a BIOS error. Bug Check 0xA4: CNSS_FILE_SYSTEM_FILTER The CNSS_FILE_SYSTEM_FILTER bug check has a value of 0x000000A4. This bug check indicates that a problem occurred in the CNSS file system filter. Parameters The following parameters appear on the blue screen. Parameter Description 1 Specifies source file and line number information. The high 16 bits (the first four hexadecimal digits after the "0x") identify the source file by its identifier number. The low 16 bits identify the source line in the file where the bug check occurred. 2 Reserved 3 Reserved 4 Reserved Cause The CNSS_FILE_SYSTEM_FILTER bug check might occur because nonpaged pool memory is full. If the nonpaged pool memory is completely full, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver that requires nonpaged pool memory can also trigger this error. Resolution To resolve a nonpaged pool memory depletion problem: Add new physical memory to the computer. This memory sincrease the quantity of nonpaged pool memory available to the kernel. Bug Check 0xA5: ACPI_BIOS_ERROR The ACPI_BIOS_ERROR bug check has a value of 0x000000A5. This bug check indicates that the Advanced Configuration and Power Interface (ACPI) BIOS of the computer is not fully compliant with the ACPI specification. Parameters Four bug check parameters appear on the blue screen. Parameter 1 indicates the kind of the incompatibility. The meaning of the other parameters depends on the value of Parameter 1. If the BIOS incompatibility is related to Plug and Play (PnP) or power management, the following parameters are used. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause 0x01 ACPI's deviceExtension ACPI's ResourceList 0: No resource list is found 1: No IRQ resource is found in list ACPI cannot find the System Control Interrupt (SCI) vector in the resources that are handed to it when ACPI is started. 0x02 (See the table later on this page) 0x03 The ACPI object that was being run The return value from the interpreter The name of the control method (in ULONG format) ACPI tried to run a control method while creating device extensions to represent the ACPI namespace, but this control method failed. 0x04 The ACPI extension that _PRW belongs to A pointer to the method The DataType returned (see Amli.h) ACPI evaluated a _PRW and expected to find an integer as a package element. 0x05 The ACPI extension that _PRW belongs to Aointer to the _PRW The number of elements in the _PRW ACPI evaluated a _PRW, and the package that came back failed to contain at least two elements. The ACPI specification requires that two elements always be present in a _PRW. 0x06 The ACPI extension that _PRx belongs to A pointer to the _PRx A pointer to the name of the object to look for ACPI tried to find a named object, but it could not find the object. 0x07 The ACPI extension that the method belongs to A pointer to the method The DataType returned (see Amli.h) ACPI evaluated a method and expected to receive a buffer in return. However, the method returned some other data type. 0x08 The ACPI extension that the method belongs to A pointer to the method The DataType returned (see Amli.h) ACPI evaluated a method and expected to receive an integer in return. However, the method returned some other data type. 0x09 The ACPI extension that the method belongs to A pointer to the method The DataType returned (see Amli.h) ACPI evaluated a method and expected to receive a package in return. However, the method returned some other data type. 0x0A The ACPI extension that the method belongs to A pointer to the method The DataType returned (see Amli.h) ACPI evaluated a method and expected to receive a string in return. However, the method returned some other data type. 0x0B The ACPI extension that _EJD belongs to The status that the interpreter returns The name of the object that ACPI is trying to find ACPI cannot find the object that an _EJD string references. 0x0C The ACPI extension that ACPI found a dock device for A pointer to the _EJD method 0: BIOS does not claim system is dockage 1: Duplicate device extensions for dock device ACPI provides faulty or insufficient information for dock support. 0x0D The ACPI extension that ACPI needs the object for The (ULONG) name of the method that ACPI looked for 0: Base case 1: Conflict ACPI could not find a required method or object in the namespace This bug check code is used if there is no _HID or _ADR present. 0x0E The NS PowerResource that ACPI needs the object for The (ULONG) name of the method that ACPI looked for 0: Base case ACPI could not find a required method or object in the namespace for a power resource (or entity other than a "device"). This bug check code is used if there is no _ON, _OFF, or _STA present for a power resource. 0x0F The current buffer that ACPI was parsing The buffer's tag The specified length of the buffer ACPI could not parse the resource descriptor. 0x10 (See the table later on this page) 0x11 (See the table later on this page) 0x14 The current buffer that ACPI was parsing The buffer's tag A pointer to a variable that contains the ULONGLONG length of the buffer ACPI could not parse the resource descriptor. The length exceeds MAXULONG. 0x15 The ACPI Machine Language (AML) context 1: Failed to load table 2: The Parameter Path String Object was not found 3: Failed to insert Parameter Data into the ParameterPath String Object 4: Out of system memory The NT status code ACPI had a fatal error when attempting to load a table. 0x16 A pointer to the parent NSOBJ A pointer to the illegal child ACPI namespace object Reserved ACPI had a fatal error when processing an xSDT. An object was declared as a child of a parent that cannot have children. If an interrupt routing failure or incompatibility has occurred, the following parameters are used. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause 0x2001 InterruptModel (integer) The return value from the interpreter A pointer to the PIC control method ACPI tried to evaluate the PIC control method but failed. 0x10001 A pointer to the device object A pointer to the parent of the device object A pointer to the _PRT object (See the following Comments section) ACPI tried to do interrupt routing, but failed. 0x10002 A pointer to the device object A pointer to the string name that ACPI was looking for but could not find A pointer to the _PRT object (See the following Comments section) ACPI could not find the link node referenced in a _PRT. 0x10003 A pointer to the device object The device ID or function number. This DWORD is encoded as follows: bits 5:0 are the PCI device number, and bits 8:6 are the PCI function number A pointer to the _PRT object (See the following Comments section) ACPI could not find a mapping in the _PRT package for a device. 0x10005 A pointer to the _PRT object (See the following Comments section) A pointer to the current _PRT element. (This pointer is an index into the _PRT.) The device ID or function number. This DWORD is encoded as follows: bits 15:0 are the PCI function number, and bits 31:16 are the PCI device number ACPI found an entry in the _PRT that the function ID is not all F's for. (The generic format for a _PRT entry is that the device number is specified, but the function number is not.) 0x10006 A pointer to the link node. (This device is missing the _DIS method.) 0 0 ACPI found a link node, but it cannot disable the node. (Link nodes must be disabled to allow for reprogramming.) 0x10007 The vector that could not be found 0 0 The _PRT contained a reference to a vector that is not described in the I/O APIC entry's MAPIC table. 0x10008 The invalid interrupt level. 0 0 The ACPI SCI interrupt level is invalid. 0x10009 0 0 0 The Fixed ACPI Description Table (FADT) could not be located. 0x1000A 0 0 0 The Root System Description Pointer (RSDP) or Extended System Description Table (XSDT) could not be located 0x1000B The ACPI table signature A pointer to the ACPI table 0 The length of the ACPI table is not consistent with the table revision. 0x20000 The I/O port in the Fixed Table 0 0 The PM_TMR_BLK entry in the Fixed ACPI Description Table doesn't point to a working ACPI timer block. If a miscellaneous failure or incompatibility has occurred, the following parameters are used. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause 0x20000 The I/O port in the Fixed Table 0 0 The PM_TMR_BLK entry in the Fixed ACPI Description Table does not point to a working ACPI timer block. If Parameter 1 equals 0x02, the ACPI BIOS could not process the resource list for the PCI root buses. In this case, Parameter 3 specifies the exact problem, and the remaining parameters have the following definitions. Parameter 2 Parameter 3 Parameter 4 Cause The ACPI extension for the PCI bus 0x0 A pointer to the QUERY_RESOURCES IRP ACPI cannot convert the BIOS' resource list into the proper format. This probably represents an error in the BIOS' list encoding procedure. The ACPI extension for the PCI bus 0x1 A pointer to the QUERY_RESOURCE_REQUIREMENTS IRP ACPI cannot convert the BIOS' resource list into the proper format. This probably represents an error in the BIOS' list encoding procedure. The ACPI extension for the PCI bus 0x2 0 ACPI found an empty resource list. The ACPI extension for the PCI bus 0x3 A pointer to the PNP CRS descriptor ACPI could not find the current bus number in the CRS. The ACPI extension for the PCI bus A pointer to the resource list for PCI A pointer to the E820 memory table The list of resources that PCI claims to decode overlaps with the list of memory regions that the E820 BIOS interface reports. (This kind of conflict is never permitted.) If Parameter 1 equals 0x10, the ACPI BIOS could not determine the system-to-device-state mapping correctly. In this situation, Parameter 3 specifies the exact problem, and the remaining parameters have the following definitions. Parameter 2 Parameter 3 Parameter 4 Cause The ACPI extension whose mapping is needed 0x0 The DEVICE_POWER_STATE (this is "x+1") _PRx was mapped back to a non-supported S-state. The ACPI extension whose mapping is needed 0x1 The SYSTEM_POWER_STATE that cannot be mapped ACPI cannot find a D-state to associate with the S-state. The ACPI extension whose mapping is needed 0x2 The SYSTEM_POWER_STATE that cannot be mapped The device claims to be able to wake the system when the system is in this S-state, but the system does not actually support this S-state. If Parameter 1 equals 0x11, the system could not enter ACPI mode. In this situation, Parameter 2 specifies the exact problem, and the remaining parameters have the following definitions. Parameter 2 Parameter 3 Parameter 4 Cause 0x0 0 0 The system could not initialize the AML interpreter. 0x1 0 0 The system could not find RSDT. 0x2 0 0 The system could not allocate critical driver structures. 0x3 0 0 The system could not load RSDT. 0x4 0 0 The system could not load DDBs. 0x5 0 0 The system cannot connect the Interrupt vector. 0x6 0 0 SCI_EN never becomes set in PM1 Control Register. 0x7 A pointer to the table that had a bad checksum Creator revision The table checksum is incorrect. 0x8 A pointer to the table that ACPI failed to load Creator revision ACPI failed to load DDB. 0x9 FADT version 0 Unsupported firmware version. 0xA 0 0 The system could not find MADT. 0xB 0 0 The system could not find any valid Local SAPIC structures in the MADT. Cause The value of Parameter 1 indicates the error. Resolution If you are debugging this error, use the !analyze -v extension. This extension displays all the relevant data (device extensions, nsobjects, or whatever is appropriate to the specific error). If you are not performing debugging, this error indicates that you have to obtain a new BIOS. Contact your vendor or visit the internet to get a new BIOS. If you cannot obtain an updated BIOS, or the latest BIOS is still not ACPI compliant, you can turn off ACPI mode during text-mode setup. To turn off ACPI mode, press the F7 key when you are prompted to install storage drivers. The system does not notify you that the F7 key was pressed, but it silently disables ACPI and enables you to continue your installation. Remarks A PCI routing table (_PRT) is the ACPI BIOS object that specifies how all the PCI devices are connected to the interrupt controllers. A computer with multiple PCI buses might have multiple _PRTs. You can display a _PRT in the debugger by using the !acpikd.nsobj extension together with the address of the _PRT object as its argument. Bug Check 0xA7: BAD_EXHANDLE The BAD_EXHANDLE bug check has a value of 0x000000A7. This bug check indicates that the kernel-mode handle table detected an inconsistent handle table entry state. Parameters None Bug Check 0xAB: SESSION_HAS_VALID_POOL_ON_EXIT The SESSION_HAS_VALID_POOL_ON_EXIT bug check has a value of 0x000000AB. This bug check indicates that a session unload occurred while a session driver still held memory. Parameters The following parameters appear on the blue screen. Parameter Description 1 The session ID. 2 The number of paged pool bytes that are leaking. 3 The number of nonpaged pool bytes that are leaking. 4 The total number of paged and nonpaged allocations that are leaking. (The number of nonpaged allocations are in the upper half of this word, and paged allocations are in the lower half of this word.) Cause The SESSION_HAS_VALID_POOL_ON_EXIT bug check occurs because a session driver does not free its pool allocations before a session unload. This bug check indicates a bug in Win32k.sys, Atmfd.dll, Rdpdd.dll, or a video driver. Bug Check 0xAC: HAL_MEMORY_ALLOCATION The HAL_MEMORY_ALLOCATION bug check has a value of 0x000000AC. This bug check indicates that the hardware abstraction layer (HAL) could not obtain sufficient memory. Parameters The following parameters appear on the blue screen. Parameter Description 1 The allocation size 2 0 3 A pointer to a string that contains the file name 4 Reserved Cause The HAL could not obtain non-paged memory pool for a system critical requirement. These critical memory allocations are made early in system initialization, and the HAL_MEMORY_ALLOCATION bug check is not expected. This bug check probably indicates some other critical error such as pool corruption or massive consumption. Bug Check 0xAD: VIDEO_DRIVER_DEBUG_REPORT_REQUEST The VIDEO_DRIVER_DEBUG_REPORT_REQUEST bug check has a value of 0x000000AD. This bug check indicates that the video port created a non-fatal minidump on behalf of the video driver during run time. Parameters The following parameters appear on the blue screen. Parameter Description 1 Driver-specific 2 Driver-specific 3 Driver-specific 4 The number of all reports that have been requested since boot time Remarks The video port created a non-fatal minidump on behalf of the video driver during run time because the video driver requested a debug report. The VIDEO_DRIVER_DEBUG_REPORT_REQUEST bug check can be caused only by minidump creation, not by the creation of a full dump or kernel dump. Bug Check 0xB4: VIDEO_DRIVER_INIT_FAILURE The VIDEO_DRIVER_INIT_FAILURE bug check has a value of 0x000000B4. This indicates that Windows was unable to enter graphics mode. Parameters None Cause The system was not able to go into graphics mode because no display drivers were able to start. This usually occurs when no video miniport drivers are able to load successfully. Bug Check 0xB8: ATTEMPTED_SWITCH_FROM_DPC The ATTEMPTED_SWITCH_FROM_DPC bug check has a value of 0x000000B8. This indicates that an illegal operation was attempted by a delayed procedure call (DPC) routine. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The original thread causing the failure 2 The new thread 3 The stack address of the original thread 4 Reserved Cause A wait operation, attach process, or yield was attempted from a DPC routine. This is an illegal operation. Resolution The stack trace will lead to the code in the original DPC routine that caused the error. Bug Check 0xB9: CHIPSET_DETECTED_ERROR The CHIPSET_DETECTED_ERROR bug check has a value of 0x000000B9. This bug check appears very infrequently. Bug Check 0xBA: SESSION_HAS_VALID_VIEWS_ON_EXIT The SESSION_HAS_VALID_VIEWS_ON_EXIT bug check has a value of 0x000000BA. This indicates that a session driver still had mapped views when the session unloaded. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The session ID 2 The number of mapped views that are leaking 3 The address of this session's mapped views table 4 The size of this session's mapped views table Cause This error is caused by a session driver not unmapping its mapped views prior to a session unload. This indicates a bug in win32k.sys, atmfd.dll, rdpdd.dll, or a video driver. Bug Check 0xBB: NETWORK_BOOT_INITIALIZATION_FAILED The NETWORK_BOOT_INITIALIZATION_FAILED bug check has a value of 0x000000BB. This indicates that Windows failed to successfully boot off a network. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The part of network initialization that failed. Possible values are: 1: Failure while updating the registry. 2: Failure while starting the network stack. Windows sends IOCTLs to the redirector and datagram receiver, then waits for the redirector to be ready. If it is not ready within a certain period of time, this error is issued. 3: Failure while sending the DHCP IOCTL to TCP. This is how Windows informs the transport of its IP address. 2 The failure status 3 Reserved 4 Reserved Cause This error is caused when Windows is booting off a network, and a critical function fails during I/O initialization. Bug Check 0xBC: NETWORK_BOOT_DUPLICATE_ADDRESS The NETWORK_BOOT_DUPLICATE_ADDRESS bug check has a value of 0x000000BC. This indicates that a duplicate IP address was assigned to this machine while booting off a network. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The IP address, shown as a DWORD. An address of the form aa.bb.cc.dd will appear as 0xDDCCBBAA. 2 The hardware address of the other machine. (For an Ethernet connection, see the following note.) 3 The hardware address of the other machine. (For an Ethernet connection, see the following note.) 4 The hardware address of the other machine. (For an Ethernet connection, this will be zero.) Note When Parameter 4 equals zero, this indicates an Ethernet connection. In that case, the MAC address will be stored in Parameter 2 and Parameter 3. An Ethernet MAC address of the form aa-bb-cc-dd-ee-ff will cause Parameter 2 to equal 0xAABBCCDD, and Parameter 3 to equal 0xEEFF0000. Cause This error indicates that when TCP/IP sent out an ARP for its IP address, it got a response from another machine indicating a duplicate IP address. When Windows is booting off a network, this is a fatal error. Bug Check 0xBE: ATTEMPTED_WRITE_TO_READONLY_MEMORY The ATTEMPTED_WRITE_TO_READONLY_MEMORY bug check has a value of 0x000000BE. This is issued if a driver attempts to write to a read-only memory segment. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Virtual address of attempted write 2 PTE contents 3 Reserved 4 Reserved If the driver responsible for the error can be identified, its name is printed on the blue screen and stored in memory at the location (PUNICODE_STRING) KiBugCheckDriver. Bug Check 0xBF: MUTEX_ALREADY_OWNED The MUTEX_ALREADY_OWNED bug check has a value of 0x000000BF. This indicates that a thread attempted to acquire ownership of a mutex it already owned. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The address of the mutex 2 The thread that caused the error 3 0 4 Reserved Bug Check 0xC1: SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION The SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION bug check has a value of 0x000000C1. This indicates that the driver wrote to an invalid section of the special pool. Parameters The following parameters are displayed on the blue screen. Parameter 4 indicates the type of violation. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error Address that the driver tried to free Reserved 0 0x20 A driver attempted to free pool which was not allocated. Address that the driver tried to free Bytes requested Bytes calculated (actually given to the caller) 0x21, 0x22 A driver attempted to free a bad address. Address that the driver tried to free Address where bits are corrupted Reserved 0x23 A driver freed an address, but nearby bytes within the same page have been corrupted. Address that the driver tried to free Address where bits are corrupted Reserved 0x24 A driver freed an address, but bytes occurring after the end of the allocation have been overwritten. Current IRQL Pool type Number of bytes 0x30 A driver attempted to allocate pool at an incorrect IRQL. Current IRQL Pool type Address that the driver tried to free 0x31 A driver attempted to free pool at an incorrect IRQL. Address that the driver tried to free Address where one bit is corrupted Reserved 0x32 A driver freed an address, but nearby bytes within the same page have a single bit error. The _POOL_TYPE codes are enumerated in ntddk.h. In particular, zero indicates nonpaged pool and one indicates paged pool. Cause A driver has written to an invalid section of the special pool. Resolution Obtain a backtrace of the current thread. This backtrace will usually reveal the source of the error. For information about the special pool, consult the Driver Verifier section of the Windows Driver Kit. 
 Bug Check 0xC2: BAD_POOL_CALLER The BAD_POOL_CALLER bug check has a value of 0x000000C2. This indicates that the current thread is making a bad pool request. Parameters The following parameters are displayed on the blue screen. Parameter 1 indicates the type of violation. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 0x00 0 Pool type Pool tag The current thread requested a zero-byte pool allocation. 0x01, 0x02, 0x04 Pointer to pool header First part of pool header contents 0 The pool header has been corrupted. 0x06 Reserved Pointer to pool header Pool header contents The current thread attempted to free the pool, which was already freed. 0x07 Reserved Pool header contents Address of the block of pool being freed The current thread attempted to free the pool, which was already freed. 0x08 Current IRQL Pool type Size of allocation, in bytes The current thread attempted to allocate the pool at an invalid IRQL. 0x09 Current IRQL Pool type Address of pool The current thread attempted to free the pool at an invalid IRQL. 0x0A Address of pool Allocator's tag Tag being used in the attempted free The current thread attempted to free pool memory by using the wrong tag. (The memory might belong to another component.) 0x0B, 0x0C, or 0x0D Address of pool Pool allocation's tag Bad quota process pointer The current thread attempted to release a quota on a corrupted pool allocation. 0x40 Starting address Start of system address space 0 The current thread attempted to free the kernel pool at a user-mode address. 0x41 Starting address Physical page frame Highest physical page frame The current thread attempted to free a non-allocated nonpaged pool address. 0x42 or 0x43 Address being freed 0 0 The current thread attempted to free a virtual address that was never in any pool. 0x44 Starting address Reserved 0 The current thread attempted to free a non-allocated nonpaged pool address. 0x46 Starting address 0 0 The current thread attempted to free an invalid pool address. 0x47 Starting address Physical page frame Highest physical page frame The current thread attempted to free a non-allocated nonpaged pool address. 0x48 Starting address Reserved Reserved The current thread attempted to free a non-allocated paged pool address. 0x50 Starting address Start offset, in pages, from beginning of paged pool Size of paged pool, in bytes The current thread attempted to free a non-allocated paged pool address. 0x60 Starting address 0 0 The current thread attempted to free an invalid contiguous memory address. (The caller of MmFreeContiguousMemory is passing a bad pointer.) 0x99 Address that is being freed 0 0 The current thread attempted to free pool with an invalid address. (This code can also indicate corruption in the pool header.) 0x9A Pool type Number of bytes requested Pool tag The current thread marked an allocation request MUST_SUCCEED. (This pool type is no longer supported.) 0x9B Pool type Number of bytes requested Caller's address The current thread attempted to allocate a pool with a tag of 0 (This would be untrackable, and possibly corrupt the existing tag tables.) 0x9C Pool type Number of bytes requested Caller's address The current thread attempted to allocate a pool with a tag of "BIG". (This would be untrackable and could possibly corrupt the existing tag tables.) 0x9D Incorrect pool tag used Pool type Caller's address The current thread attempted to allocate a pool with a tag that does not contain any letters or digits. Using such tags makes tracking pool issues difficult. 0x41286 Reserved Reserved Start offset from the beginning of the paged pool, in pages The current thread attempted to free a paged pool address in the middle of an allocation. The _POOL_TYPE codes are enumerated in Ntddk.h. In particular, 0 indicates nonpaged pool and 1 indicates paged pool. Cause An invalid pool request has been made by the current thread. Resolution Activate Driver Verifier to obtain more information about these errors. For details, see the Driver Verifier section of the Windows Driver Kit (WDK). Bug Check 0xC4: DRIVER_VERIFIER_DETECTED_VIOLATION The DRIVER_VERIFIER_DETECTED_VIOLATION bug check has a value of 0x000000C4. This is the general bug check code for fatal errors found by Driver Verifier. For more information, see Handling a Bug Check When Driver Verifier is Enabled. Parameters Four bug check parameters are displayed on the blue screen. Parameter 1 identifies the type of violation. The meaning of the remaining parameters varies with the value of Parameter 1. The parameter values are described in the following table. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 0x00 Current IRQL Pool type 0 The driver requested a zero-byte pool allocation. 0x01 Current IRQL Pool type Size of allocation, in bytes The driver attempted to allocate paged memory with IRQL > APC_LEVEL. 0x02 Current IRQL Pool type Size of allocation, in bytes The driver attempted to allocate nonpaged memory with IRQL > DISPATCH_LEVEL. 0x10 Bad Address 0 0 The driver attempted to free an address that was not returned from an allocate call. 0x11 Current IRQL Pool type Address of pool The driver attempted to free paged pool with IRQL > APC_LEVEL. 0x12 Current IRQL Pool type Address of pool The driver attempted to free nonpaged pool with IRQL > DISPATCH_LEVEL. 0x13 or 0x14 Reserved Pointer to pool header Pool header contents The driver attempted to free memory pool which was already freed. 0x16 Reserved Pool address 0 The driver attempted to free pool at a bad address, or the driver passed invalid parameters to a memory routine. 0x30 Current IRQL Requested IRQL 0 The driver passed an invalid parameter to KeRaiseIrql. (The parameter was either a value lower than the current IRQL, or a value higher than HIGH_LEVEL. This may be the result of using an uninitialized parameter.) 0x31 Current IRQL Requested IRQL 0: New IRQL is bad 1: New IRQL is invalid inside a DPC routine The driver passed an invalid parameter to KeLowerIrql. (The parameter was either a value higher than the current IRQL, or a value higher than HIGH_LEVEL. This may be the result of using an uninitialized parameter.) 0x32 Current IRQL Spin lock address 0 The driver called KeReleaseSpinLock at an IRQL other than DISPATCH_LEVEL. (This may be due to a double-release of a spin lock.) 0x33 Current IRQL Fast mutex address 0 The driver attempted to acquire fast mutex with IRQL > APC_LEVEL. 0x34 Current IRQL Fast mutex address 0 The driver attempted to release fast mutex at an IRQL other than APC_LEVEL. 0x35 Current IRQL Spin lock address Old IRQL The kernel released a spin lock with IRQL not equal to DISPATCH_LEVEL. 0x36 Current IRQL Spin lock number Old IRQL The kernel released a queued spin lock with IRQL not equal to DISPATCH_LEVEL. 0x37 Current IRQL Thread APC disable count Resource The driver tried to acquire a resource, but APCs are not disabled. 0x38 Current IRQL Thread APC disable count Resource The driver tried to release a resource, but APCs are not disabled. 0x39 Current IRQL Thread APC disable count Mutex The driver tried to acquire a mutex "unsafe" with IRQL not equal to APC_LEVEL on entry. 0x3A Current IRQL Thread APC disable count Mutex The driver tried to release a mutex "unsafe" with IRQL not equal to APC_LEVEL on entry. 0x3C Handle passed to routine Object type 0 The driver called ObReferenceObjectByHandle with a bad handle. 0x3D 0 0 Address of the bad resource The driver passed a bad (unaligned) resource to ExAcquireResourceExclusive. 0x3E 0 0 0 The driver called KeLeaveCriticalRegion for a thread that is not currently in a critical region. 0x3F Object address New object reference count. -1: dereference case 1: reference case 0 The driver applied ObReferenceObject to an object that has a reference count of zero, or the driver applied ObDereferenceObject to an object that has a reference count of zero. 0x40 Current IRQL Spin lock address 0 The driver called KeAcquireSpinLockAtDpcLevel with IRQL < DISPATCH_LEVEL. 0x41 Current IRQL Spin lock address 0 The driver called KeReleaseSpinLockFromDpcLevel with IRQL < DISPATCH_LEVEL. 0x42 Current IRQL Spin lock address 0 The driver called KeAcquireSpinLock with IRQL > DISPATCH_LEVEL. 0x51 Base address of allocation Address of the reference beyond the allocation Number of charged bytes The driver attempted to free memory after having written past the end of the allocation. A bug check with this parameter occurs only when the Pool Tracking option of Driver Verifier is active. 0x52 Base address of allocation Reserved Number of charged bytes The driver attempted to free memory after having written past the end of the allocation. A bug check with this parameter occurs only when the Pool Tracking option of Driver Verifier is active. 0x53, 0x54, or 0x59 Base address of allocation Reserved Reserved The driver attempted to free memory after having written past the end of the allocation. A bug check with this parameter occurs only when the Pool Tracking option of Driver Verifier is active. 0x60 Bytes allocated from paged pool Bytes allocated from nonpaged pool Total number of allocations that were not freed The driver is unloading without first freeing its pool allocations. A bug check with this parameter occurs only when the Pool Tracking option of Driver Verifier is active. 0x61 Bytes allocated from paged pool Bytes allocated from nonpaged pool Total number of allocations that were not freed A driver thread is attempting to allocate pool memory while the driver is unloading. A bug check with this parameter occurs only when the Pool Tracking option of Driver Verifier is active. 0x62 Name of the driver Reserved Total number of allocations that were not freed, including both paged and nonpaged pool The driver is unloading without first freeing its pool allocations. A bug check with this parameter occurs only when the Pool Tracking option of Driver Verifier is active. 0x70 Current IRQL MDL address Access mode The driver called MmProbeAndLockPages with IRQL > DISPATCH_LEVEL. 0x71 Current IRQL MDL address Process address The driver called MmProbeAndLockProcessPages with IRQL > DISPATCH_LEVEL. 0x72 Current IRQL MDL address Process address The driver called MmProbeAndLockSelectedPages with IRQL > DISPATCH_LEVEL. 0x73 Current IRQL In 32-bit Windows: Low 32 bits of the physical address In 64-bit Windows: the 64-bit physical address Number of bytes The driver called MmMapIoSpace with IRQL > DISPATCH_LEVEL. 0x74 Current IRQL MDL address Access mode The driver called MmMapLockedPages in kernel mode with IRQL > DISPATCH_LEVEL. 0x75 Current IRQL MDL address Access mode The driver called MmMapLockedPages in user mode with IRQL > APC_LEVEL. 0x76 Current IRQL MDL address Access mode The driver called MmMapLockedPagesSpecifyCache in kernel mode with IRQL > DISPATCH_LEVEL. 0x77 Current IRQL MDL address Access mode The driver called MmMapLockedPagesSpecifyCache in user mode with IRQL > APC_LEVEL. 0x78 Current IRQL MDL address 0 The driver called MmUnlockPages with IRQL > DISPATCH_LEVEL. 0x79 Current IRQL Virtual address being unmapped MDL address The driver called MmUnmapLockedPages in kernel mode with IRQL > DISPATCH_LEVEL. 0x7A Current IRQL Virtual address being unmapped MDL address The driver called MmUnmapLockedPages in user mode with IRQL > APC_LEVEL. 0x7B Current IRQL Virtual address being unmapped Number of bytes The driver called MmUnmapIoSpace with IRQL > APC_LEVEL. 0x7C MDL address MDL flags 0 The driver called MmUnlockPages, and passed an MDL whose pages were never successfully locked. 0x7D MDL address MDL flags 0 The driver called MmUnlockPages, and passed an MDL whose pages are from nonpaged pool. (These should never be unlocked.) 0x7E Current IRQL DISPATCH_LEVEL 0 The driver called MmAllocatePagesForMdl, MmAllocatePagesForMdlEx, or MmFreePagesFromMdl with IRQL > DISPATCH_LEVEL. 0x7F Current IRQL MDL address MDL flags The driver called BuildMdlForNonPagedPool and passed an MDL whose pages are from paged pool. 0x80 Current IRQL Event address 0 The driver called KeSetEvent with IRQL > DISPATCH_LEVEL. 0x81 MDL address MDL flags 0 The driver called MmMapLockedPages. (You should use MmMapLockedPagesSpecifyCache instead, with the BugCheckOnFailure parameter set to FALSE.) 0x82 MDL address MDL flags 0 The driver called MmMapLockedPagesSpecifyCache with the BugCheckOnFailure parameter equal to TRUE. (This parameter should be set to FALSE.) 0x83 Start of physical address range to map Number of bytes to map First page frame number that isn't locked down The driver called MmMapIoSpace without having locked down the MDL pages. The physical pages represented by the physical address range being mapped must have been locked down prior to making this call. 0x85 MDL address Number of pages to map First page frame number that isn't locked down The driver called MmMapLockedPages without having locked down the MDL pages. 0x89 MDL address Pointer to the non-memory page in the MDL The non-memory page number in the MDL An MDL is not marked as "I/O", but it contains non-memory page addresses. 0x91 Reserved Reserved Reserved The driver switched stacks using a method that is not supported by the operating system. The only supported way to extend a kernel mode stack is by using KeExpandKernelStackAndCallout. 0xA0 (Windows Server 2003 and later operating systems only) Pointer to the IRP making the read or write request Device object of the lower device Number of the sector in which the error was detected A cyclic redundancy check (CRC) error was detected on a hard disk. A bug check with this parameter occurs only when the Disk Integrity Checking option of Driver Verifier is active. 0xA1 (Windows Server 2003 and later operating systems only) Copy of the IRP making the read or write request. (The actual IRP has been completed.) Device object of the lower device Number of the sector in which the error was detected A CRC error was detected on a sector (asynchronously). A bug check with this parameter occurs only when the Disk Integrity Checking option of Driver Verifier is active. 0xA2 (Windows Server 2003 and later operating systems only) IRP making the read or write request, or a copy of this IRP Device object of the lower device Number of the sector in which the error was detected The CRCDISK checksum copies don't match. This could be a paging error. A bug check with this parameter occurs only when the Disk Integrity Checking option of Driver Verifier is active. 0xB0 (Windows Vista and later operating systems only) MDL address MDL flags Incorrect MDL flags The driver called MmProbeAndLockPages for an MDL with incorrect flags. For example, the driver passed an MDL created by MmBuildMdlForNonPagedPool to MmProbeAndLockPages. 0xB1 (Windows Vista and later operating systems only) MDL address MDL flags Incorrect MDL flags The driver called MmProbeAndLockProcessPages for an MDL with incorrect flags. For example, the driver passed an MDL created by MmBuildMdlForNonPagedPool to MmProbeAndLockProcessPages. 0xB2 (Windows Vista and later operating systems only) MDL address MDL flags Incorrect MDL flags The driver called MmMapLockedPages for an MDL with incorrect flags. For example, the driver passed an MDL that is already mapped to a system address or that was not locked to MmMapLockedPages. 0xB3 (Windows Vista and later operating systems only) MDL address MDL flags Missing MDL flags (at least one was expected) The driver called MmMapLockedPages for an MDL with incorrect flags. For example, the driver passed an MDL that is not locked to MmMapLockedPages. 0xB4 (Windows Vista and later operating systems only) MDL address MDL flags Unexpected partial MDL flag The driver called MmUnlockPages for a partial MDL. A partial MDL is one that was created by IoBuildPartialMdl. 0xC0 (Windows Vista and later operating systems only) Address of the IRP Reserved Reserved The driver called IoCallDriver with interrupts disabled. 0xC1 (Windows Vista and later operating systems only) Address of the driver dispatch routine Reserved Reserved A driver dispatch routine was returned with interrupts disabled. 0xC2 (Windows Vista and later operating systems only) Reserved Reserved Reserved The driver called a Fast I/O dispatch routine after interrupts were disabled. 0xC3 (Windows Vista and later operating systems only) Address of the driver Fast I/O dispatch routine Reserved Reserved A driver Fast I/O dispatch routine was returned with interrupts disabled. 0xC5 (Windows Vista and later operating systems only) Address of the driver dispatch routine The current thread's APC disable count The thread's APC disable count prior to calling the driver dispatch routine A driver dispatch routine has changed the thread's APC disable count. The APC disable count is decremented each time a driver calls KeEnterCriticalRegion, FsRtlEnterFileSystem, or acquires a mutex. The APC disable count is incremented each time a driver calls KeLeaveCriticalRegion, KeReleaseMutex, or FsRtlExitFileSystem. Because these calls should always be in pairs, the APC disable count should be zero whenever a thread is exited. A negative value indicates that a driver has disabled APC calls without re-enabling them. A positive value indicates that the reverse is true. 0xC6 (Windows Vista and later operating systems only) Address of the driver Fast I/O dispatch routine Current thread's APC disable count The thread's APC disable count prior to calling the Fast I/O driver dispatch routine A driver Fast I/O dispatch routine has changed the thread's APC disable count. The APC disable count is decremented each time a driver calls KeEnterCriticalRegion, FsRtlEnterFileSystem, or acquires a mutex. The APC disable count is incremented each time a driver calls KeLeaveCriticalRegion, KeReleaseMutex, or FsRtlExitFileSystem. Because these calls should always be in pairs, the APC disable count should be zero whenever a thread is exited. A negative value indicates that a driver has disabled APC calls without re-enabling them. A positive value indicates that the reverse is true. 0xCA (Windows Vista and later operating systems only) Address of the lookaside list Reserved Reserved The driver has attempted to re-initialize a lookaside list. 0xCB (Windows Vista and later operating systems only) Address of the lookaside list Reserved Reserved The driver has attempted to delete an uninitialized lookaside list. 0xCC (Windows Vista and later operating systems only) Address of the lookaside list Starting address of the pool allocation Size of the pool allocation The driver has attempted to free a pool allocation that contains an active lookaside list. 0xCD (Windows Vista and later operating systems only) Address of the lookaside list Block size specified by the caller Minimum supported block size The driver has attempted to create a lookaside list with an allocation block size that is too small. 0xD0 (Windows Vista and later operating systems only) Address of the ERESOURCE structure Reserved Reserved The driver has attempted to re-initialize an ERESOURCE structure. 0xD1 (Windows Vista and later operating systems only) Address of the ERESOURCE structure Reserved Reserved The driver has attempted to delete an uninitialized ERESOURCE structure. 0xD2 (Windows Vista and later operating systems only) Address of the ERESOURCE structure Starting address of the pool allocation Size of the pool allocation The driver has attempted to free a pool allocation that contains an active ERESOURCE structure. 0xD5 (Windows Vista and later operating systems only) Address of the IO_REMOVE_LOCK structure created by the checked build version of the driver Current IoReleaseRemoveLock tag Reserved The current IoReleaseRemoveLock tag does not match the previous IoAcquireRemoveLock tag. If the driver calling IoReleaseRemoveLock is not in a checked build, Parameter 2 is the address of the shadow IO_REMOVE_LOCK structure created by Driver Verifier on behalf of the driver. In this case, the address of the IO_REMOVE_LOCK structure used by the driver is not used at all, because Driver Verifier is replacing the lock address for all the remove lock APIs. A bug check with this parameter occurs only when the I/O Verification option of Driver Verifier is active. 0xD6 (Windows Vista and later operating systems only) Address of the IO_REMOVE_LOCK structure created by the checked build version of the driver Tag that does not match previous IoAcquireRemoveLock tag Previous IoAcquireRemoveLock tag The current IoReleaseRemoveLockAndWait tag does not match the previous IoAcquireRemoveLock tag. If the driver calling IoReleaseRemoveLock is not a checked build, Parameter 2 is the address of the shadow IO_REMOVE_LOCK structure created by Driver Verifier on behalf of the driver. In this case, the address of the IO_REMOVE_LOCK structure used by the driver is not used at all, because Driver Verifier is replacing the lock address for all the remove lock APIs. A bug check with this parameter occurs only when the I/O Verification option of Driver Verifier is active. 0xD7 (Windows 7 operating systems and later only) Address of the checked build Remove Lock structure that is used internally by Driver Verifier Address of the Remove Lock structure that is specified by the driver Reserved A Remove Lock cannot be re-initialized, even after it calls IoReleaseRemoveLockAndWait, because other threads might still be using that lock (by calling IoAcquireRemoveLock). The driver should allocate the Remove Lock inside its device extension, and initialize it a single time. The lock will be deleted together with the device extension. 0xDA (Windows Vista and later operating systems only) Starting address of the driver WMI callback address inside the driver Reserved An attempt was made to unload a driver that has not deregistered its WMI callback function. 0xDB (Windows Vista and later operating systems only) Address of the device object Reserved Reserved An attempt was made to delete a device object that was not deregistered from WMI. 0xDC (Windows Vista and later operating systems only) Reserved Reserved Reserved An invalid RegHandle value was specified as a parameter of the function EtwUnregister. 0xDD (Windows Vista and later operating systems only) Address of the call to EtwRegister Starting address of the unloading driver For Windows 8Windows 8 and later versions, this parameter is the ETW RegHandle value. An attempt was made to unload a driver without calling EtwUnregister. 0xDF (Windows 7 operating systems and later only) Synchronization object address The synchronization object is in session address space. Synchronization objects are not allowed in session address space because they can be manipulated from another session or from system threads that have no session virtual address space. 0xE0 (Windows Vista and later operating systems only) User-mode address that is used as a parameter Size ,in bytes, of the address range that is used as a parameter Reserved A call was made to an operating system kernel function that specified a user-mode address as a parameter. 0xE1 (Windows Vista and later operating systems only) Address of the synchronization object Reserved Reserved A synchronization object was found to have an address that was either invalid or pageable. 0xE2 (Windows Vista and later operating systems only) Address of the IRP User-mode address present in the IRP Reserved An IRP with Irp->RequestorMode set to KernelMode was found to have a user-mode address as one of its members. 0xE3 (Windows Vista and later operating systems only) Address of the call to the API User-mode address used as a parameter in the API Reserved A driver has made a call to a kernel-mode ZwXxx routine with a user-mode address as a parameter. 0xE4 (Windows Vista and later operating systems only) Address of the call to the API Address of the malformed UNICODE_STRING structure Reserved A driver has made a call to a kernel-mode ZwXxx routine with a malformed UNICODE_STRING structure as a parameter. 0xE5 (Windows Vista and later operating systems only) Current IRQL Reserved Reserved A call was made to a Kernel API at the incorrect IRQL. 0xEA (Windows Vista and later operating systems only) Current IRQL The thread's APC disable count Address of the pushlock A driver has attempted to acquire a pushlock while APCs are enabled. 0xEB (Windows Vista and later operating systems only) Current IRQL The thread's APC disable count Address of the pushlock A driver has attempted to release a pushlock while APCs are enabled. 0xF0 (Windows Vista and later operating systems only) Address of the destination buffer Address of the source buffer Number of bytes to copy A driver called the memcpy function with overlapping source and destination buffers. 0xF5 (Windows Vista and later operating systems only) Address of the NULL handle Object type Reserved A driver passed a NULL handle to ObReferenceObjectByHandle. 0xF6 (Windows 7 operating systems and later) Handle value being referenced Address of the current process Address inside the driver that performs the incorrect reference A driver references a user-mode handle as kernel mode. 0xF7 (Windows 7 operating systems and later) Handle value specified by the caller Object type specified by the caller AccessMode specified by the caller A driver is attempting a user-mode reference for a kernel handle in the context of the system process. 0xFA (Windows 7 operating systems and later) Completion routine address. IRQL value before it calls the completion routine Current IRQL value, after it calls the completion routine The IRP completion routine returned at an IRQL that was different from the IRQL the routine was called at. 0xFB (Windows 7 operating systems and later) Completion routine address Current thread's APC disable count The thread's APC disable count before it calls the IRP completion routine The thread's APC disable count was changed by the driver's IRP completion routine. The APC disable count is decremented each time a driver calls KeEnterCriticalRegion, FsRtlEnterFileSystem, or acquires a mutex. The APC disable count is incremented each time a driver calls KeLeaveCriticalRegion, KeReleaseMutex, or FsRtlExitFileSystem. Because these calls should always be in pairs, the APC disable count should be zero whenever a thread is exited. A negative value indicates that a driver has disabled APC calls without re-enabling them. A positive value indicates that the reverse is true. 0x105 (Windows 7 operating systems and later) Address of the IRP The driver uses ExFreePool instead of IoFreeIrp to release the IRP. 0x10A (Windows 7 operating systems and later) The driver attempts to charge pool quota to the Idle process. 0x10B (Windows 7 operating systems and later) The driver attempts to charge pool quota from a DPC routine. This is incorrect because the current process context is undefined. 0x110 (Windows 7 operating systems and later) Address of the Interrupt Service Routine Address of the extended context that was saved before it executed the ISR Address of the extended context was saved after it executed the ISR The interrupt service routine (ISR) for the driver has corrupted the extended thread context. 0x115 (Windows 7 operating systems and later) The address of the thread that is responsible for the shutdown, which might be deadlocked Driver Verifier detected that the system has taken longer than 20 minutes and shutdown is not complete. 0x11A (Windows 7 operating systems and later) Current IRQL The driver calls KeEnterCriticalRegion at IRQL > APC_LEVEL. 0x11B (Windows 7 operating systems and later) Current IRQL The driver calls KeLeaveCriticalRegion at IRQL > APC_LEVEL. 0x120 (Windows 7 operating systems and later) Address of the IRQL value Address of the Object to wait on Address of Timeout value The thread waits at IRQL > DISPATCH_LEVEL. Callers of KeWaitForSingleObject or KeWaitForMultipleObjects must run at IRQL <= DISPATCH_LEVEL. 0x121 (Windows 7 operating systems and later) Address of the IRQL value Address of the Object to wait on Address of Timeout value The thread waits at IRQL equals DISPATCH_LEVEL and the Timeout is NULL. Callers of KeWaitForSingleObject or KeWaitForMultipleObjects can run at IRQL <= DISPATCH_LEVEL. If a NULL pointer is supplied for Timeout, the calling thread remains in a wait state until the Object is signaled. 0x122 (Windows 7 operating systems and later) Address of the IRQL value Address of the Object to wait on Address of the Timeout value The thread waits at DISPATCH_LEVEL and Timeout value is not equal to zero (0). If the Timeout != 0, the callers of KeWaitForSingleObject or KeWaitForMultipleObjects must run at IRQL <= APC_LEVEL. 0x123 (Windows 7 operating systems and later) Address of the Object to wait on The caller of KeWaitForSingleObject or KeWaitForMultipleObjects specified the wait as UserMode, but the Object is on the kernel stack. 0x130 (Windows 7 operating systems and later) Address of work item The work item is in session address space. Work items are not allowed in session address space because they can be manipulated from another session or from system threads that have no session virtual address space. 0x131 (Windows 7 operating systems and later) Address of work item The work item is in pageable memory. Work items have to be in nonpageable memory because the kernel uses them at DISPATCH_LEVEL. 0x135 Address of IRP Number of milliseconds allowed between the IoCancelIrp call and the completion for this IRP The canceled IRP did not completed in the expected time The driver took longer than expected to complete the canceled IRP. 0x13A Address of the pool block being freed Incorrect value Address of the incorrect value The driver has called ExFreePool and Driver Verifier detects an error in one of the internal values that is used to track pool usage. 0x13B Address of the pool block being freed Address of the incorrect value Address of a pointer to the incorrect memory page The driver has called ExFreePool and Driver Verifier detects an error in one of the internal values that is used to track pool usage. 0x13C Address of the pool block being freed Incorrect value Address of the incorrect value The driver has called ExFreePool and Driver Verifier detects an error in one of the internal values that is used to track pool usage. 0x13D Address of the pool block being freed Address of the incorrect value Correct value that was expected The driver has called ExFreePool and Driver Verifier detects an error in one of the internal values that is used to track pool usage. 0x13E Pool block address specified by the caller Pool block address tracked by Driver Verifier Pointer to the pool block address that is tracked by Driver Verifier The pool block address specified by the caller of ExFreePool is different from the address tracked by Driver Verifier. 0x13F Address of the pool block being freed Number of bytes being freed Pointer to the number of bytes tracked by Driver Verifier The number of bytes of memory being freed in the call to ExFreePool is different from the number of bytes tracked by Driver Verifier. 0x1000 (Windows XP and later operating systems only) Address of the resource Reserved Reserved Self-deadlock: The current thread has tried to recursively acquire a resource. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active. 0x1001 (Windows XP and later operating systems only) Address of the resource that was the final cause of the deadlock Reserved Reserved Deadlock: A lock hierarchy violation has been found. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active. (Use the !deadlock extension for further information.) 0x1002 (Windows XP and later operating systems only) Address of the resource Reserved Reserved Uninitialized resource: A resource has been acquired without having been initialized first. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active. 0x1003 (Windows XP and later operating systems only) Address of the resource that is being released deadlocked Address of the resource that should have been released first Reserved Unexpected release: A resource has been released in an incorrect order. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active. 0x1004 (Windows XP and later operating systems only) Address of the resource Address of the thread that acquired the resource Address of the current thread Unexpected thread: The wrong thread releases a resource. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active. 0x1005 (Windows XP and later operating systems only) Address of the resource Reserved Reserved Multiple initialization: A resource is initialized more than one time. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active. 0x1007 (Windows XP and later operating systems only) Address of the resource Reserved Reserved Unacquired resource: A resource is released before it has been acquired. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active. 0x1008 (Windows 7 operating systems and later) Lock address Driver Verifier internal data Driver Verifier internal data The driver tried to acquire a lock by using an API that is mismatched for this lock type. 0x1009 (Windows 7 operating systems and later) Lock address Driver Verifier internal data Driver Verifier internal data The driver tried to release a lock by using an API that is mismatched for this lock type. 0x100A (Windows 7 operating systems and later) Owner thread address Driver Verifier internal data The terminated thread owns the lock. 0x100B (Windows 7 operating systems and later) Lock address Owner thread address Driver Verifier internal address The deleted lock is still owned by a thread. 0xA001 (Windows 8.1 Preview operating systems and later) A pointer to the NetBufferList object A pointer to the virtual switch object (if NON-NULL) Reserved (unused) VM Switch: The SourceHandle for the caller-supplied NetBufferList must be set. See the AllocateNetBufferListForwardingContext routine. 0xA002 (Windows 8.1 Preview operating systems and later) A pointer to the NetBufferList object A pointer to the virtual switch object (if NON-NULL). Reserved (unused) VM Switch: The caller supplied NetBufferList's forwarding detail is not zero. See the AllocateNetBufferListForwardingContext routine. 0xA003 (Windows 8.1 Preview operating systems and later) A pointer to the NetBufferList object A pointer to the virtual switch object (if NON-NULL). Reserved (unused) VM Switch: The caller supplied a NetBufferList with packet header or routing context that is NULL. See Packet Management Guidelines for the Extensible Switch Data Path. 0xA004 (Windows 8.1 Preview operating systems and later) ID of invalid port NIC Index A pointer to the virtual switch object (if NON-NULL). VM Switch: The caller specified an invalid Port and NIC index combination. See Hyper-V Extensible Switch Port and Network Adapter States. 0xA005 (Windows 8.1 Preview operating systems and later) A pointer to the NetBufferList object A pointer to the Destination list. A pointer to the virtual switch object (if NON-NULL). VM Switch: The caller supplied an invalid destination. See AddNetBufferListDestination and UpdateNetBufferListDestinations. 0xA006 (Windows 8.1 Preview operating systems and later) A pointer to the NetBufferList object A pointer to the virtual switch object (if NON-NULL). Reserved (unused) VM Switch: The caller supplied an invalid source NIC or Port object. See Hyper-V Extensible Switch Port and Network Adapter States. 0xA007 (Windows 8.1 Preview operating systems and later) A pointer to the NetBufferList object A pointer to the virtual switch object (if NON-NULL). Reserved (unused) VM Switch: The caller supplied an invalid destination list. See AddNetBufferListDestination and UpdateNetBufferListDestinations. 0xA008 (Windows 8.1 Preview operating systems and later) Parent NIC object NIC index A pointer to the virtual switch object (if NON-NULL). VM Switch: Attempting to reference a NIC when not allowed. See Hyper-V Extensible Switch Port and Network Adapter States. 0xA009 (Windows 8.1 Preview operating systems and later) Port being referenced A pointer to the virtual switch object (if NON-NULL) Reserved (unused) VM Switch: Attempt to reference a port when not allowed. See Hyper-V Extensible Switch Port and Network Adapter States. 0xA00A (Windows 8.1 Preview operating systems and later) A pointer to the NetBufferList object ContextTypeInfo object Reserved (unused) VM Switch: Failure context is already set. See SetNetBufferListSwitchContext. 0xA00B (Windows 8.1 Preview operating systems and later) A pointer to the NetBufferList object NDIS_SWITCH_REPORT_FILTERED_NBL_FLAGS_* A pointer to the virtual switch object (if NON-NULL) VM Switch: Invalid direction provided for dropped NetBufferList. See ReportFilteredNetBufferLists. 0xA00C (Windows 8.1 Preview operating systems and later) A pointer to the NetBufferList object Send Flags value A pointer to the virtual switch object (if NON-NULL) VM Switch: NetBufferList chain has multiple source ports when NDIS_SEND_FLAGS_SWITCH_SINGLE_SOURCE flag is set. See Hyper-V Extensible Switch Send and Receive Flags. 0xA00D (Windows 8.1 Preview operating systems and later) A pointer to the NetBufferList object A pointer to the virtual switch context A pointer to the virtual switch object (if NON-NULL) VM Switch: One or more NetBufferLists in chain have invalid destination when NDIS_RECEIVE_FLAGS_SWITCH_DESTINATION_GROUP flag is set. See Hyper-V Extensible Switch Send and Receive Flags. 0x2000 (Windows 7 operating systems and later) The first argument passed to the StorPortInitialize routine. This parameter is a pointer to the driver object that the operating system passed to the miniport driver in the first argument of the miniport driver's DriverEntry routine. The second argument passed to the StorPortInitialize routine. This parameter is a pointer to context information that the operating system passed to the miniport driver in the second argument of the miniport driver's DriverEntry routine. Reserved The Storport miniport driver passed a bad argument (a NULL pointer) to the StorPortInitialize routine. 0x00020002 (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlApcLte. The rule specifies that the driver must call ObGetObjectSecurity and ObReleaseObjectSecurity only when IRQL <= APC_LEVEL. 0x00020003 (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlDispatch. The IrqlDispatch rule specifies that the driver must call certain routines only when IRQL = DISPATCH_LEVEL 0x00020004 (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlExAllocatePool. The IrqlExAllocatePool rule specifies that the driver calls ExAllocatePoolWithTag and ExAllocatePoolWithTagPriority only when at IRQL<=DISPATCH_LEVEL. 0x00020005 (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlExApcLte1. The IrqlExApcLte1 rule specifies that the driver calls ExAcquireFastMutex and ExTryToAcquireFastMutex only at IRQL <= APC_LEVEL. 0x00020006 (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlExApcLte2. The IrqlExApcLte2 rule specifies that the driver calls certain routines only when IRQL <= APC_LEVEL. 0x00020007 (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlExApcLte3. The IrqlExApcLte3 rule specifies that the driver must call certain executive support routines only when IRQL <= APC_LEVEL. 0x00020008 (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlExPassive. The IrqlExPassive rule specifies that the driver must call certain executive support routines only when IRQL = PASSIVE_LEVEL. 0x00020009 (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlIoApcLte. The IrqlIoApcLte rule specifies that the driver must call certain I/O manager routines only when IRQL <= APC_LEVEL. 0x0002000A (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlIoPassive1. The IrqlIoPassive1 rule specifies that the driver must call certain I/O manager routines only when IRQL = PASSIVE_LEVEL. 0x0002000B (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlIoPassive2. The IrqlIoPassive2 rule specifies that the driver must call certain I/O manager routines only when IRQL = PASSIVE_LEVEL. 0x0002000C (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlIoPassive3. The IrqlIoPassive3 rule specifies that the driver must call certain I/O manager routines only when IRQL = PASSIVE_LEVEL. 0x0002000D (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlIoPassive4. The IrqlIoPassive4 rule specifies that the driver must call certain I/O manager routines only when IRQL = PASSIVE_LEVEL. 0x0002000E (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlIoPassive5. The IrqlIoPassive5 rule specifies that the driver must call certain I/O manager routines only when IRQL = PASSIVE_LEVEL. 0x0002000F (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlKeApcLte1. The IrqlKeApcLte1 rule specifies that the driver must call certain kernel routines only when IRQL <= APC_LEVEL. 0x00020010 (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlKeApcLte2. The IrqlKeApcLte2 rule specifies that the driver must call certain kernel routines only when IRQL <= APC_LEVEL. 0x00020011 (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlKeDispatchLte. The IrqlKeDispatchLte rule specifies that the driver must call certain kernel routines only when IRQL <= DISPATCH_LEVEL. 0x00020015 (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlKeReleaseSpinLock. The IrqlKeReleaseSpinLock rule specifies that the driver must call KeReleaseSpinLock only when IRQL = DISPATCH_LEVEL. 0x00020016 (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlKeSetEvent. The IrqlKeSetEvent rule specifies that the KeSetEvent routine is only called at IRQL <= DISPATCH_LEVEL when Wait is set to FALSE, and at IRQL <= APC_LEVEL when Wait is set to TRUE. 0x00020019 (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlMmApcLte. The IrqlMmApcLte rule specifies that the driver must call certain memory manager routines only when IRQL <= APC_LEVEL. 0x0002001A (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlMmDispatch. The IrqlMmDispatch rule specifies that the driver must call MmFreeContiguousMemory only when IRQL = DISPATCH_LEVEL. 0x0002001B (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlObPassive. The IrqlObPassive rule specifies that the driver must call ObReferenceObjectByHandle only when IRQL = PASSIVE_LEVEL. 0x0002001C (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlPsPassive. The IrqlPsPassive rule specifies that the driver must call certain process and thread manager routines only when IRQL = PASSIVE_LEVEL. 0x0002001D (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the DDI compliance rule IrqlReturn. 0x0002001E (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlRtlPassive. The IrqlRtlPassive rule specifies that the driver must call RtlDeleteRegistryValue only when IRQL = PASSIVE_LEVEL. 0x0002001F (Windows 8 operating systems and later) Pointer to the string that describes the violated rule condition. Optional pointer to the rule state variable(s). Reserved The driver violated the DDI compliance rule IrqlZwPassive. The IrqlZwPassive rule specifies that the driver must call ZwClose only when IRQL = PASSIVE_LEVEL. 0x00020022 (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Reserved (unused) Reserved (unused) The driver violated the DDI compliance rule IrqlIoDispatch. 0x00040003 (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the DDI compliance rule CriticalRegions. 0x00040006 (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the DDI compliance rule QueuedSpinLock. 0x00040007 (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the DDI compliance rule QueuedSpinLockRelease. 0x00040009 (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the DDI compliance rule SpinLock. 0x0004000B (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the DDI compliance rule SpinlockRelease. 0x0004000E (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the DDI compliance rule GuardedRegions. 0x0004100B (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Reserved Reserved The driver violated the DDI compliance rule RequestedPowerIrp. 0x0004100F (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the DDI compliance rule IoSetCompletionExCompleteIrp. 0x00043006 (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Reserved Reserved The driver violated the DDI compliance rule PnpRemove. 0x00091001 (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the DDI compliance rule NdisOidComplete. 0x00091002 (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the DDI compliance rule NdisOidDoubleComplete. 0x0009100E (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the DDI compliance rule NdisOidDoubleRequest. 0x00092003 (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the NDIS/WIFI verification rule NdisTimedOidComplete. 0x0009200D (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the NDIS/WIFI verification rule NdisTimedDataSend. 0x0009200F (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the NDIS/WIFI verification rule NdisTimedDataHang. 0x00093004 (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the NDIS/WIFI verification rule WlanAssociation. 0x00093005 (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the NDIS/WIFI verification rule WlanConnectionRoaming. 0x00093006 (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the NDIS/WIFI verification rule WlanDisassociation. 0x00094007 (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the NDIS/WIFI verification rule WlanTimedAssociation. 0x00094008 (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the NDIS/WIFI verification rule WlanTimedConnectionRoaming. 0x00094009 (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the NDIS/WIFI verification rule WlanTimedConnectRequest. 0x0009400B (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the NDIS/WIFI verification rule WlanTimedLinkQuality. 0x0009400C (Windows 8.1 Preview operating systems and later) Pointer to the string that describes the violated rule condition. Address of internal rule state (second argument to !ruleinfo). Address of supplemental states (third argument to !ruleinfo). The driver violated the NDIS/WIFI verification rule WlanTimedScan. Cause See the description of each code in the Parameters section for a description of the cause. Further information can be obtained by using the !analyze -v extension. Resolution This bug check can only occur when Driver Verifier has been instructed to monitor one or more drivers. If you did not intend to use Driver Verifier, you should deactivate it. You might also consider removing the driver that caused this problem. If you are the driver writer, use the information obtained through this bug check to fix the bugs in your code. For full details on Driver Verifier, see the Driver Verifier section of the Windows Driver Kit (WDK). Remarks The _POOL_TYPE codes are enumerated in Ntddk.h. In particular, 0 (zero) indicates nonpaged pool and 1 (one) indicates paged pool. (Windows 8 and later versions of Windows) If DDI compliance checking causes a bug check, run Static Driver Verifier on the driver source code and specify the DDI compliance rule (identified by the parameter 1 value) that caused the bug check. Static Driver Verifier can help you locate the cause of the problem in your source code. See also Handling a Bug Check When Driver Verifier is Enabled Bug Check 0xC5: DRIVER_CORRUPTED_EXPOOL The DRIVER_CORRUPTED_EXPOOL bug check has a value of 0x000000C5. This indicates that the system attempted to access invalid memory at a process IRQL that was too high. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Memory referenced 2 IRQL at time of reference 3 0: Read 1: Write 4 Address that referenced memory Cause The kernel attempted to access pageable memory (or perhaps completely invalid memory) when the IRQL was too high. The ultimate cause of this problem is almost certainly a driver that has corrupted the system pool. In most cases, this bug check results if a driver corrupts a small allocation (less than PAGE_SIZE). Larger allocations result in bug check 0xD0 (DRIVER_CORRUPTED_MMPOOL). Resolution If you have recently installed any new software, check to see if it is properly installed. Check for updated drivers on the manufacturer's website. To debug this error, use the special pool option of Driver Verifier. If this fails to reveal the driver that caused the error, use the Global Flags utility to enable the special pool by pool tag. For information about the special pool, consult the Driver Verifier section of the Windows Driver Kit. Bug Check 0xC6: DRIVER_CAUGHT_MODIFYING_FREED_POOL The DRIVER_CAUGHT_MODIFYING_FREED_POOL bug check has a value of 0x000000C6. This indicates that the driver attempted to access a freed memory pool. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Memory referenced 2 0: Read 1: Write 3 0: Kernel mode 1: User mode 4 Reserved Remarks The faulty component will be displayed in the current kernel stack. This driver should be either replaced or debugged. Bug Check 0xC7: TIMER_OR_DPC_INVALID The TIMER_OR_DPC_INVALID bug check has a value of 0x000000C7. This is issued if a kernel timer or delayed procedure call (DPC) is found somewhere in memory where it is not permitted. Parameters The following parameters are displayed on the blue screen. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of error 0x0 Address of the timer object Start of memory range being checked End of memory range being checked The timer object was found in a block of memory where a timer object is not permitted. . 0x1 Address of the DPC object Start of memory range being checked End of memory range being checked The DPC object was found in a block of memory where a DPC object is not permitted. 0x2 Address of the DPC routine Start of memory range being checked End of memory range being checked The DPC routine was found in a block of memory where a DPC object is not permitted. 0x3 Address of the DPC object Processor number Number of processors in the system The processor number for the DPC object is not correct. 0x4 Address of the DPC routine The thread's APC disable count before the kernel calls the DPC routine The thread's APC disable count after the DPC routine is called The thread's APC disable count was changed during DPC routine execution. The APC disable count is decremented each time a driver calls KeEnterCriticalRegion, FsRtlEnterFileSystem, or acquires a mutex. The APC disable count is incremented each time a driver calls KeLeaveCriticalRegion, KeReleaseMutex, or FsRtlExitFileSystem. 0x5 Address of the DPC routine The thread's APC disable count before the kernel calls the DPC routine The thread's APC disable count after the DPC routine is called The thread's APC disable count was changed during the execution of timer DPC routine. The APC disable count is decremented each time a driver calls KeEnterCriticalRegion, FsRtlEnterFileSystem, or acquires a mutex. The APC disable count is incremented each time a driver calls KeLeaveCriticalRegion, KeReleaseMutex, or FsRtlExitFileSystem. Cause This condition is usually caused by a driver failing to cancel a timer or DPC before freeing the memory where it resides. Resolution If you are the driver writer, use the information obtained through this bug check to fix the bugs in your code. If you are a system administrator, you should unload the driver if the problem persists. Bug Check 0xC8: IRQL_UNEXPECTED_VALUE The IRQL_UNEXPECTED_VALUE bug check has a value of 0x000000C8. This indicates that the processor's IRQL is not what it should be at this time. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The value of the following bit computation: (Current IRQL << 16) | (Expected IRQL << 8) | UniqueValue 2 Zero, or APC->KernelRoutine 3 Zero, or APC 4 Zero, or APC->NormalRoutine You can determine "UniqueValue" by computing (Parameter 1 AND 0xFF). If "UniqueValue" is either zero or one, Parameter 2, Parameter 3, and Parameter 4 will equal the indicated APC pointers. Otherwise, these parameters will equal zero. Cause This error is usually caused by a device driver or another lower-level program that changed the IRQL for some period and did not restore the original IRQL at the end of that period. For example, the routine may have acquired a spin lock and failed to release it. Bug Check 0xC9: DRIVER_VERIFIER_IOMANAGER_VIOLATION The DRIVER_VERIFIER_IOMANAGER_VIOLATION bug check has a value of 0x000000C9. This is the bug check code for all Driver Verifier I/O Verification violations. Parameters When Driver Verifier is active and I/O Verification is selected, various I/O violations will cause this bug check to be issued. The following parameters will be displayed on the blue screen. Parameter 1 identifies the type of violation. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 0x01 Address of IRP being freed 0 0 The driver attempted to free an object whose type is not IO_TYPE_IRP. 0x02 Address of IRP being freed 0 0 The driver attempted to free an IRP that is still associated with a thread. 0x03 Address of IRP being sent 0 0 The driver passed IoCallDriver an IRP Type not equal to IRP_TYPE. 0x04 Address of device object 0 0 The driver passed IoCallDriver an invalid device object. 0x05 Address of device object associated with offending driver IRQL before IoCallDriver IRQL after IoCallDriver The IRQL changed during a call to the driver dispatch routine. 0x06 IRP status Address of IRP being completed 0 The driver called IoCompleteRequest with a status marked as pending (or equal to -1). 0x07 Address of cancel routine Address of IRP being completed 0 The driver called IoCompleteRequest while its cancel routine was still set. 0x08 Address of device object IRP major function code Exception status code The driver passed IoBuildAsynchronousFsdRequest an invalid buffer. 0x09 Address of device object I/O control code Exception status code The driver passed IoBuildDeviceIoControlRequest an invalid buffer. 0x0A Address of device object 0 0 The driver passed IoInitializeTimer a device object with an already-initialized timer. 0x0C Address of I/O status block 0 0 The driver passed an I/O status block to an IRP, but this block is allocated on a stack which has already unwound past that point. 0x0D Address of user event object 0 0 The driver passed a user event to an IRP, but this event is allocated on a stack which has already unwound past that point. 0x0E Current IRQL Address of IRP 0 The driver called IoCompleteRequest with IRQL > DISPATCH_LEVEL. 0x0F Address of the device object to which the IRP is being sent Pointer to the IRP Pointer to file object The driver sent a create request with a file object that has been closed, or that had its open canceled. In addition to the errors mentioned in the previous table, there are a number of I/O Verification errors that will cause Driver Verifier to halt the system, but which are not actually bug checks. These errors cause messages to be displayed on the blue screen, in a crash dump file, and in a kernel debugger. These messages will appear differently in each of these locations. When these errors occur, the hexadecimal bug check code 0xC9 and the bug check string DRIVER_VERIFIER_IOMANAGER_VIOLATION do not appear on the blue screen or in the debugger, although they will appear in a crash dump file. On the blue screen, the following data will be displayed: The message IO SYSTEM VERIFICATION ERROR. The message WDM DRIVER ERROR XXX, where XXX is a hexadecimal code representing the specific error. (See the table below for a list of the I/O error codes and their meanings.) The name of the driver which caused the error. The address in the driver's code where the error was detected (Parameter 2). A pointer to the IRP (Parameter 3). A pointer to the device object (Parameter 4). If a kernel-mode crash dump has been enabled, the following information will appear in the crash dump file: The message BugCheck 0xC9 (DRIVER_VERIFIER_IOMANAGER_VIOLATION). The hexadecimal I/O error code. (See the table below for a list of the I/O error codes and their meanings.) The address in the driver's code where the error was detected. A pointer to the IRP. A pointer to the device object. If a kernel debugger is attached to the system which has caused this violation, the following information will be sent to the debugger: The message WDM DRIVER ERROR, along with an assessment of the severity of the error. The name of the driver which caused the error. A descriptive string which explains the cause of this error. Often additional information is passed along, such as a pointer to the IRP. (See the table below for a list of these descriptive strings and what additional information is specified.) A query for further action. Possible responses are b (break), i (ignore), z (zap), r (remove), or d (disable). Instructing the operating system to continue allows you to see what would happen "down the line" if this error had not occurred. Of course, this often will lead to additional bug checks. The "zap" option will actually remove the breakpoint that caused this error to be discovered. Note No other bug checks can be ignored in this manner. Only this kind of I/O Verification errors can be ignored, and even these errors can only be ignored if a kernel debugger is attached. The following table lists those I/O Verification errors that can appear. In Windows 2000, these errors will only be displayed if I/O Verification is set to Level 2. I/O Error Code Severity Cause of Error 0x200 Unknown This code covers all unknown I/O Verification errors. 0x201 Fatal error A device is deleting itself while there is another device beneath it in the driver stack. This may be because the caller has forgotten to call IoDetachDevice first, or the lower driver may have incorrectly deleted itself. 0x202 Fatal error A driver has attempted to detach from a device object that is not attached to anything. This may occur if detach was called twice on the same device object. (Device object specified.) 0x203 Fatal error A driver has called IoCallDriver without setting the cancel routine in the IRP to NULL. (IRP specified.) 0x204 Fatal error The caller has passed in NULL as a device object. This is fatal. (IRP specified.) 0x205 Fatal error The caller is forwarding an IRP that is currently queued beneath it. The code handling IRPs returning STATUS_PENDING in this driver appears to be broken. (IRP specified.) 0x206 Fatal error The caller has incorrectly forwarded an IRP (control field not zeroed). The driver should use IoCopyCurrentIrpStackLocationToNext or IoSkipCurrentIrpStackLocation. (IRP specified.) 0x207 Fatal error The caller has manually copied the stack and has inadvertently copied the upper layer's completion routine. The driver should use IoCopyCurrentIrpStackLocationToNext. (IRP specified.) 0x208 Fatal error This IRP is about to run out of stack locations. Someone may have forwarded this IRP from another stack. (IRP specified.) 
 0x209 Fatal error The caller is completing an IRP that is currently queued beneath it. The code handling IRPs returning STATUS_PENDING in this driver appears to be broken. (IRP specified.) 0x20A Fatal error The caller of IoFreeIrp is freeing an IRP that is still in use. (Original IRP and IRP in use specified.) 0x20B Fatal error The caller of IoFreeIrp is freeing an IRP that is still in use. (IRP specified.) 0x20C Fatal error The caller of IoFreeIrp is freeing an IRP that is still queued against a thread. (IRP specified.) 0x20D Fatal error The caller of IoInitializeIrp has passed an IRP that was allocated with IoAllocateIrp. This is illegal and unnecessary, and has caused a quota leak. Check the documentation for IoReuseIrp if this IRP is being recycled. 
 0x20E Non-fatal error A PNP IRP has an invalid status. (Any PNP IRP must have its status initialized to STATUS_NOT_SUPPORTED.) (IRP specified.) 0x20F Non-fatal error A Power IRP has an invalid status. (Any Power IRP must have its status initialized to STATUS_NOT_SUPPORTED.) (IRP specified.) 0x210 Non-fatal error A WMI IRP has an invalid status. (Any WMI IRP must have its status initialized to STATUS_NOT_SUPPORTED.) (IRP specified.) 0x211 Non-fatal error The caller has forwarded an IRP while skipping a device object in the stack. The caller is probably sending IRPs to the PDO instead of to the device returned by IoAttachDeviceToDeviceStack. (IRP specified.) 
 0x212 Non-fatal error The caller has trashed or has not properly copied the IRP's stack. (IRP specified.) 0x213 Non-fatal error The caller has changed the status field of an IRP it does not understand. (IRP specified.) 0x214 Non-fatal error The caller has changed the information field of an IRP it does not understand. (IRP specified.) 0x215 Non-fatal error A non-successful non-STATUS_NOT_SUPPORTED IRP status for IRP_MJ_PNP is being passed down stack. (IRP specified.) Failed PNP IRPs must be completed. 0x216 Non-fatal error The previously-set IRP_MJ_PNP status has been converted to STATUS_NOT_SUPPORTED. (IRP specified.) This failure status is reserved for use by the operating system. Drivers cannot fail a PnP IRP with this value. 0x217 Non-fatal error The driver has not handled a required IRP. The driver must update the status of the IRP to indicate whether or not it has been handled. (IRP specified.) 0x218 Non-fatal error The driver has responded to an IRP that is reserved for other device objects elsewhere in the stack. (IRP specified.) 0x219 Non-fatal error A non-successful non-STATUS_NOT_SUPPORTED IRP status for IRP_MJ_POWER is being passed down stack. (IRP specified.) Failed POWER IRPs must be completed. 0x21A Non-fatal error The previously-set IRP_MJ_POWER status has been converted to STATUS_NOT_SUPPORTED. (IRP specified.) 0x21B Non-fatal error A driver has returned a suspicious status. This is probably due to an uninitialized variable bug in the driver. (IRP specified.) 0x21C Warning The caller has copied the IRP stack but not set a completion routine. This is inefficient -- use IoSkipCurrentIrpStackLocation instead. (IRP specified.) 0x21D Fatal error An IRP dispatch handler has not properly detached from the stack below it upon receiving a remove IRP. (Device object, dispatch routine, and IRP specified.) 0x21E Fatal error An IRP dispatch handler has not properly deleted its device object upon receiving a remove IRP. (Device object, dispatch routine, and IRP specified.) 
 0x21F Non-fatal error A driver has not filled out a dispatch routine for a required IRP major function. (IRP specified.) 0x220 Non-fatal error IRP_MJ_SYSTEM_CONTROL has been completed by someone other than the ProviderId. This IRP should either have been completed earlier or should have been passed down. (IRP specified, along with the device object where it was targeted.) 
 0x221 Fatal error An IRP dispatch handler for a PDO has deleted its device object, but the hardware has not been reported as missing in a bus relations query. (Device object, dispatch routine, and IRP specified.) 
 0x222 Fatal error A Bus Filter's IRP dispatch handler has detached upon receiving a remove IRP when the PDO is still alive. Bus Filters must clean up in FastIoDetach callbacks. (Device object, dispatch routine, and IRP specified.) 
 0x223 Fatal error An IRP dispatch handler for a bus filter has deleted its device object, but the PDO is still present. Bus filters must clean up in FastIoDetach callbacks. (Device object, dispatch routine, and IRP specified.) 
 0x224 Fatal error An IRP dispatch handler has returned a status that is inconsistent with the IRP's IoStatus.Status field. (Dispatch handler routine, IRP, IRP's IoStatus.Status, and returned Status specified.) 
 0x225 Non-fatal error An IRP dispatch handler has returned a status that is illegal (0xFFFFFFFF). This is probably due to an uninitialized stack variable. To debug this error, use the ln (List Nearest Symbols) command with the specified address. 
 0x226 Fatal error An IRP dispatch handler has returned without passing down or completing this IRP, or someone forgot to return STATUS_PENDING. (IRP specified.) 
 0x227 Fatal error An IRP completion routine is in pageable code. (This is never permitted.) (Routine and IRP specified.) 
 0x228 Non-fatal error A driver's completion routine has not marked the IRP pending if the PendingReturned field was set in the IRP passed to it. This may cause Windows to hang, especially if an error is returned by the stack. (Routine and IRP specified.) 
 0x229 Fatal error A cancel routine has been set for an IRP that is currently being processed by drivers lower in the stack, possibly stomping their cancel routine. (Routine and IRP specified.) 
 0x22A Non-fatal error The physical device object (PDO) has not responded to a required IRP. (IRP specified.) 
 0x22B Non-fatal error The physical device object (PDO) has forgotten to fill out the device relation list with the PDO for the TargetDeviceRelation query. (IRP specified.) 0x22C Fatal error The code implementing the TargetDeviceRelation query has not called ObReferenceObject on the PDO. (IRP specified.) 0x22D Non-fatal error The caller has completed a IRP_MJ_PNP it didn't understand instead of passing it down. (IRP specified.) 0x22E Non-fatal error The caller has completed a successful IRP_MJ_PNP instead of passing it down. (IRP specified.) 0x22F Non-fatal error The caller has completed an untouched IRP_MJ_PNP (instead of passing the IRP down), or non-PDO has failed the IRP using illegal value of STATUS_NOT_SUPPORTED. (IRP specified.) 0x230 Non-fatal error The caller has completed an IRP_MJ_POWER it didn't understand instead of passing it down. (IRP specified.) 0x231 Fatal error The caller has completed a successful IRP_MJ_POWER instead of passing it down. (IRP specified.) 0x232 Non-fatal error The caller has completed an untouched IRP_MJ_POWER (instead of passing the IRP down), or non-PDO has failed the IRP using illegal value of STATUS_NOT_SUPPORTED. (IRP specified.) 0x233 Non-fatal error The version field of the query capabilities structure in a query capabilities IRP was not properly initialized. (IRP specified.) 0x234 Non-fatal error The size field of the query capabilities structure in a query capabilities IRP was not properly initialized. (IRP specified.) 0x235 Non-fatal error The address field of the query capabilities structure in a query capabilities IRP was not properly initialized to -1. (IRP specified.) 0x236 Non-fatal error The UI Number field of the query capabilities structure in a query capabilities IRP was not properly initialized to -1. (IRP specified.) 0x237 Fatal error A driver has sent an IRP that is restricted for system use only. (IRP specified.) 0x238 Warning The caller of IoInitializeIrp has passed an IRP that was allocated with IoAllocateIrp. This is illegal, unnecessary, and negatively impacts performance in normal use. If this IRP is being recycled, see IoReuseIrp in the Windows Driver Kit. 0x239 Warning The caller of IoCompleteRequest is completing an IRP that has never been forwarded via a call to IoCallDriver or PoCallDriver. This may be a bug. (IRP specified.) 0x23A Fatal error A driver has forwarded an IRP at an IRQL that is illegal for this major code. (IRP specified.) 0x23B Non-fatal error The caller has changed the status field of an IRP it does not understand. (IRP specified.) The following table lists additional I/O Verification errors that can appear in Windows XP and later. Some of these errors will only be revealed if Enhanced I/O Verification is activated. In Windows Vista and later, the Enhanced I/O Verification settings are included as part of I/O Verification. I/O Error Code Severity Cause of Error 0x23C Fatal error A driver has completed an IRP without setting the cancel routine in the IRP to NULL. (IRP specified.) 0x23D Non-fatal error A driver has returned STATUS_PENDING but did not mark the IRP pending via a call to IoMarkIrpPending. (IRP specified.) 0x23E Non-fatal error A driver has marked an IRP pending but didn't return STATUS_PENDING. (IRP specified.) 0x23F Fatal error A driver has not inherited the DO_POWER_PAGABLE bit from the stack it has attached to. (Device object specified.) 0x240 Fatal error A driver is attempting to delete a device object that has already been deleted via a prior call to IoDeleteDevice. 0x241 Fatal error A driver has detached its device object during a surprise remove IRP. (IRP and device object specified.) 0x242 Fatal error A driver has deleted its device object during a surprise remove IRP. (IRP and device object specified.) 0x243 Fatal error A driver has failed to clear the DO_DEVICE_INITIALIZING flag at the end of AddDevice. (Device object specified.) 0x244 Fatal error A driver has not copied either the DO_BUFFERED_IO or the DO_DIRECT_IO flag from the device object it is attaching to. (Device object specified.) 0x245 Fatal error A driver has set both the DO_BUFFERED_IO and the DO_DIRECT_IO flags. These flags are mutually exclusive. (Device object specified.) 0x246 Fatal error A driver has failed to copy the DeviceType field from the device object it is attaching to. (Device object specified.) 0x247 Fatal error A driver has failed an IRP that cannot legally be failed. (IRP specified.) 0x248 Fatal error A driver has added a device object that is not a PDO to a device relations query. (IRP and device object specified.) 0x249 Non-fatal error A driver has enumerated two child PDOs that returned identical Device IDs. (Both device objects specified.) 0x24A Fatal error A driver has mistakenly called a file I/O function with IRQL not equal to PASSIVE_LEVEL. 0x24B Fatal error A driver has completed an IRP_MN_QUERY_DEVICE_RELATIONS request of type TargetDeviceRelation as successful, but did not properly fill out the request or forward the IRP to the underlying hardware stack. (Device object specified.) 0x24C Non-fatal error A driver has returned STATUS_PENDING but did not mark the IRP pending by a call to IoMarkIrpPending. (IRP specified.) 0x24D Fatal error A driver has passed an invalid device object to a function that requires a PDO. (Device object specified.) 0x300 A driver has returned a suspicious status. This is probably due to an uninitialized variable bug in the driver. 0x301 A driver has forwarded an IRP at IRQL > DISPATCH_LEVEL. (IRQL value specified) 0x302 A driver has forwarded an IRP at IRQL >= APC_LEVEL. The I/O Manager will need to queue an APC to complete this request. The APC will not be able to run because the caller is already at APC level, so the caller is likely to deadlock. (IRQL value specified) 0x306 The driver is completing an IRP_MJ_PNP (major) and IRP_MN_REMOVE_DEVICE (minor) request with a failure status code. Cause See the description of each code in the Parameters section for a description of the cause. Resolution This bug check can only occur when Driver Verifier has been instructed to monitor one or more drivers. If you did not intend to use Driver Verifier, you should deactivate it. You might consider removing the driver which caused this problem as well. If you are the driver writer, use the information obtained through this bug check to fix the bugs in your code. For full details on Driver Verifier, see the Windows Driver Kit. Bug Check 0xCA: PNP_DETECTED_FATAL_ERROR The PNP_DETECTED_FATAL_ERROR bug check has a value of 0x000000CA. This indicates that the Plug and Play Manager encountered a severe error, probably as a result of a problematic Plug and Play driver. Parameters The following parameters are displayed on the blue screen. Parameter 1 identifies the type of violation. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 0x1 Address of newly-reported PDO Address of older PDO which has been duplicated Reserved Duplicate PDO: A specific instance of a driver has enumerated multiple PDOs with identical device ID and unique IDs. 0x2 Address of purported PDO Address of driver object Reserved Invalid PDO: An API which requires a PDO has been called with random memory, or with an FDO, or with a PDO which hasn't been initialized. (An uninitialized PDO is one that has not been returned to Plug and Play by QueryDeviceRelation or QueryBusRelations.) 0x3 Address of PDO whose IDs were queried Address of ID buffer 1: DeviceID 2: UniqueID 3: HardwareIDs 4: CompatibleIDs Invalid ID: An enumerator has returned an ID which contains illegal characters or isn't properly terminated. (IDs must contain only characters in the ranges 0x20 - 0x2B and 0x2D - 0x7F.) 0x4 Address of PDO with DOE_DELETE_PENDING set Reserved Reserved Invalid enumeration of deleted PDO: An enumerator has returned a PDO which it had previously deleted using IoDeleteDevice. 
 0x5 Address of PDO Reserved Reserved PDO freed while linked in devnode tree: The object manager reference count on a PDO dropped to zero while the devnode was still linked in the tree. (This usually indicates that the driver is not adding a reference when returning the PDO in a query IRP.) 
 0x8 Address of PDO whose stack returned the invalid bus relation Total number of PDOs returned as bus relations The index (zero-based) at which the first NULL PDO was found NULL pointer returned as a bus relation: One or more of the devices present on the bus is a NULL PDO. 
 0x9 Connection type that was passed Reserved Reserved Invalid connection type passed to IoDisconnectInterruptEx: A driver has passed an invalid connection type to IoDisconnectInterruptEx. The connection type passed to this routine must match the one returned by a corresponding successful call to IoConnectInterruptEx. 0xA Driver object IRQL after returning from driver callback Combined APC disable count after returning from driver callback Incorrect notify callback behavior: A driver failed to preserve IRQL or combined APC disable count across a Plug 'n' Play notification. 
 0xB Related PDO Removal relations Reserved Deleted PDO reported as relation: One of the removal relations for the device being removed has already been deleted. Bug Check 
0xCB: DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS The DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS bug check has a value of 0x000000CB. This indicates that a driver or the I/O manager failed to release locked pages after an I/O operation. Parameters The four parameters listed in the message can have two possible meanings. If a driver locked these pages, the parameters have the following meaning. Parameter Description 1 Calling address in the driver that locked the pages 2 Caller of the calling address in driver that locked the pages 3 Address of the MDL containing the locked pages 4 Number of locked pages If the driver responsible for the error can be identified, its name is printed on the blue screen and stored in memory at the location (PUNICODE_STRING) KiBugCheckDriver. If the I/O manager locked these pages, the parameters have the following meaning. Parameter Description 1 Address of the dispatch routine of the top driver on the stack to which the IRP was sent 2 Address of the device object of the top driver on the stack to which the IRP was sent 3 Address of the MDL containing the locked pages 4 Number of locked pages Remarks This bug check is issued only if the registry value \\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\TrackLockedPages is equal to DWORD 1. If this value is not set, the system will issue the less-informative bug check 0x76 (PROCESS_HAS_LOCKED_PAGES). Starting with Windows Vista, this bug check can also be issued by Driver Verifier when the Pool Tracking option is enabled. Bug Check 0xCC: PAGE_FAULT_IN_FREED_SPECIAL_POOL The PAGE_FAULT_IN_FREED_SPECIAL_POOL bug check has a value of 0x000000CC. This indicates that the system has referenced memory which was earlier freed. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Memory address referenced 2 0: Read 1: Write 3 Address that referenced memory (if known) 4 Reserved If the driver responsible for the error can be identified, its name is printed on the blue screen and stored in memory at the location (PUNICODE_STRING) KiBugCheckDriver. Cause The Driver Verifier Special Pool option has caught the system accessing memory which was earlier freed. This usually indicates a system-driver synchronization problem. For information about the special pool, consult the Driver Verifier section of the Windows Driver Kit. Remarks This cannot be protected by a try - except handler -- it can only be protected by a probe. Bug Check 0xCD: PAGE_FAULT_BEYOND_END_OF_ALLOCATION The PAGE_FAULT_BEYOND_END_OF_ALLOCATION bug check has a value of 0x000000CD. This indicates that the system accessed memory beyond the end of some driver's pool allocation. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Memory address referenced 2 0: Read 1: Write 3 Address that referenced memory (if known) 4 Reserved If the driver responsible for the error can be identified, its name is printed on the blue screen and stored in memory at the location (PUNICODE_STRING) KiBugCheckDriver. Cause The driver allocated n bytes of memory from the special pool. Subsequently, the system referenced more than n bytes from this pool. This usually indicates a system-driver synchronization problem. For information about the special pool, consult the Driver Verifier section of the Windows Driver Kit. Remarks This cannot be protected by a try - except handler -- it can only be protected by a probe. Bug Check 0xCE: DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS The DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS bug check has a value of 0x000000CE. This indicates that a driver failed to cancel pending operations before unloading. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Memory address referenced 2 0: Read 1: Write 3 Address that referenced memory (if known) 4 Reserved If the driver responsible for the error can be identified, its name is printed on the blue screen and stored in memory at the location (PUNICODE_STRING) KiBugCheckDriver. Cause This driver failed to cancel lookaside lists, DPCs, worker threads, or other such items before unload. Bug Check 0xCF: TERMINAL_SERVER_DRIVER_MADE_INCORRECT_MEMORY_REFERENCE The TERMINAL_SERVER_DRIVER_MADE_INCORRECT_MEMORY_REFERENCE bug check has a value of 0x000000CF. This indicates that a driver has been incorrectly ported to the terminal server. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Memory address referenced 2 0: Read 1: Write 3 Address that referenced memory (if known) 4 Reserved If the driver responsible for the error can be identified, its name is printed on the blue screen and stored in memory at the location (PUNICODE_STRING) KiBugCheckDriver. Cause The driver is referencing session space addresses from the system process context. This probably results from the driver queuing an item to a system worker thread. This driver needs to comply with Terminal Server's memory management rules. Bug Check 0xD0: DRIVER_CORRUPTED_MMPOOL The DRIVER_CORRUPTED_MMPOOL bug check has a value of 0x000000D0. This indicates that the system attempted to access invalid memory at a process IRQL that was too high. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Memory referenced 2 IRQL at time of reference 3 0: Read 1: Write 4 Address that referenced memory Cause The kernel attempted to access pageable memory (or perhaps completely invalid memory) when the IRQL was too high. The ultimate cause of this problem is almost certainly a driver that has corrupted the system pool. In most cases, this bug check results if a driver corrupts a large allocation (PAGE_SIZE or larger). Smaller allocations result in bug check 0xC5 (DRIVER_CORRUPTED_EXPOOL). Resolution If you have recently installed any new software, check to see if it is properly installed. Check for updated drivers on the manufacturer's website. To debug this error, use the special pool option of Driver Verifier. If this fails to reveal the driver that caused the error, use the Global Flags utility to enable the special pool by pool tag. For information about the special pool, consult the Driver Verifier section of the Windows Driver Kit. An alternate method is to open the \\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management registry key. In this key, create or edit the ProtectNonPagedPool value, and set it equal to DWORD 1. Then reboot. Then the system will unmap all freed nonpaged pool. This will prevent drivers from corrupting the pool. (This does not protect the pool from DMA hardware, however.) Bug Check 0xD1: DRIVER_IRQL_NOT_LESS_OR_EQUAL The DRIVER_IRQL_NOT_LESS_OR_EQUAL bug check has a value of 0x000000D1. This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Memory referenced 2 IRQL at time of reference 3 0: Read 1: Write 8: Execute 4 Address that referenced memory Cause A driver tried to access an address that is pageable (or that is completely invalid) while the IRQL was too high. This bug check is usually caused by drivers that have used improper addresses. If the first parameter has the same value as the fourth parameter, and the third parameter indicates an execute operation, this bug check was likely caused by a driver that was trying to execute code when the code itself was paged out. Possible causes for the page fault include the following: The function was marked as pageable and was running at an elevated IRQL (which includes obtaining a lock). The function call was made to a function in another driver, and that driver was unloaded. The function was called by using a function pointer that was an invalid pointer. Resolution To begin debugging, use a kernel debugger to get a stack trace. If the problem is caused by the driver that you are developing, make sure that the function that was executing at the time of the bug check is not marked as pageable or does not call any other inline functions that could be paged out. 
 Bug Check 0xD2: BUGCODE_ID_DRIVER The BUGCODE_ID_DRIVER bug check has a value of 0x000000D2. This indicates that a problem occurred with an NDIS driver. Parameters Before this bug check occurs, a message is sent to the DbgPrint buffer. If a debugger is connected, this message will be displayed. This message indicates the type of violation. The meanings of the bug check parameters depend on this message. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Message and Cause Address of the miniport block Number of bytes requested 0 1 Allocating shared memory at raised IRQL. A driver called NdisMAllocateSharedMemory with IRQL >= DISPATCH_LEVEL. Address of the miniport block The Status value submitted to NdisMResetComplete The AddressingReset value submitted to NdisMResetComplete 0 Completing reset when one is not pending. A driver called NdisMResetComplete, but no reset was pending. Address of the miniport block Memory page containing address being freed Address of shared memory signature Virtual address being freed Freeing shared memory not allocated. A driver called NdisMFreeSharedMemory or NdisMFreeSharedMemoryAsync with an address that is not located in NDIS shared memory. Address of the miniport block Address of the packet that is incorrectly included in the packet array Address of the packet array Number of packets in the array Indicating packet not owned by it. The miniport's packet array is corrupt. Address of the MiniBlock Address of the driver object 0 0 NdisAddDevice: AddDevice called with a MiniBlock that is not on the NdisMiniDriverList. Address of the MiniBlock The MiniBlock's reference count 0 0 NdisMUnload: MiniBlock is getting unloaded but it is still on NdisMiniDriverList. Address of the miniport block Memory page Wrapper context Address of shared memory signature Overwrote past allocated shared memory. The address being written to is not located in NDIS shared memory. In the following instances of this bug check, the meaning of the parameters depends on the message and on the value of Parameter 4. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Message and Cause Address of the miniport block Address of the miniport interrupt Address of the miniport timer queue 1 Unloading without deregistering interrupt. A miniport driver failed its initialization without deregistering its interrupt. Address of the miniport block Address of the miniport timer queue Address of the miniport interrupt 2 Unloading without deregistering interrupt. A miniport driver did not deregister its interrupt during the halt process. Address of the miniport block Address of the miniport interrupt Address of the miniport timer queue 1 Unloading without deregistering timer. A miniport driver failed its initialization without successfully canceling all its timers. Address of the miniport block Address of the miniport timer queue Address of the miniport interrupt 2 Unloading without deregistering timer. A miniport driver halted without successfully canceling all its timers. Remarks This bug check code only occurs on Windows 2000 and Windows XP. In Windows Server 2003 and later, the corresponding code is bug check 0x7C (BUGCODE_NDIS_DRIVER). On the checked build of Windows, only the Allocating Shared Memory at Raised IRQL and Completing Reset When One is Not Pending instances of this bug check can occur. All the other instances of bug check 0xD2 are replaced with ASSERTs. See Breaking Into the Debugger for details. Bug Check 0xD3: DRIVER_PORTION_MUST_BE_NONPAGED The DRIVER_PORTION_MUST_BE_NONPAGED bug check has a value of 0x000000D3. This indicates that the system attempted to access pageable memory at a process IRQL that was too high. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Memory referenced 2 IRQL at time of reference 3 0: Read 1: Write 4 Address that referenced memory If the driver responsible for the error can be identified, its name is printed on the blue screen and stored in memory at the location (PUNICODE_STRING) KiBugCheckDriver. Cause This bug check is usually caused by drivers that have incorrectly marked their own code or data as pageable. Resolution To begin debugging, use a kernel debugger to get a stack trace. Bug Check 0xD4: SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD The SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD bug check has a value of 0x000000D4. This indicates that a driver did not cancel pending operations before unloading. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Memory referenced 2 IRQL at time of reference 3 0: Read 1: Write 4 Address that referenced memory If the driver responsible for the error can be identified, its name is printed on the blue screen and stored in memory at the location (PUNICODE_STRING) KiBugCheckDriver. Cause This driver failed to cancel lookaside lists, DPCs, worker threads, or other such items before unload. Subsequently, the system attempted to access the driver's former location at a raised IRQL. Resolution To begin debugging, use a kernel debugger to get a stack trace. If the driver that caused the error has been identified, activate Driver Verifier and attempt to replicate this bug. For full details on Driver Verifier, see the Windows Driver Kit. Bug Check 0xD5: DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL The DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL bug check has a value of 0x000000D5. This indicates that a driver has referenced memory which was earlier freed. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Memory address referenced 2 0: Read 1: Write 3 Address that referenced memory (if known) 4 Reserved If the driver responsible for the error can be identified, its name is printed on the blue screen and stored in memory at the location (PUNICODE_STRING) KiBugCheckDriver. Cause The Driver Verifier Special Pool option has caught the driver accessing memory which was earlier freed. For information about the special pool, consult the Driver Verifier section of the Windows Driver Kit. Remarks This cannot be protected by a try - except handler -- it can only be protected by a probe. 
 Bug Check 0xD6: DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION The DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION bug check has a value of 0x000000D6. This indicates the driver accessed memory beyond the end of its pool allocation. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Memory address referenced 2 0: Read 1: Write 3 Address that referenced memory (if known) 4 Reserved If the driver responsible for the error can be identified, its name is printed on the blue screen and stored in memory at the location (PUNICODE_STRING) KiBugCheckDriver. Cause The driver allocated n bytes of memory and then referenced more than n bytes. The Driver Verifier Special Pool option detected this violation. For information about the special pool, consult the Driver Verifier section of the Windows Driver Kit. Remarks This cannot be protected by a try - except handler -- it can only be protected by a probe. Bug Check 0xD7: DRIVER_UNMAPPING_INVALID_VIEW The DRIVER_UNMAPPING_INVALID_VIEW bug check has a value of 0x000000D7. This indicates a driver is trying to unmap an address that was not mapped. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Virtual address to unmap 2 1: The view is being unmapped 2: The view is being committed 3 0 4 0 Remarks The driver that caused the error can be determined from the stack trace. 
 Bug Check 0xD8: DRIVER_USED_EXCESSIVE_PTES The DRIVER_USED_EXCESSIVE_PTES bug check has a value of 0x000000D8. This indicates that there are no more system page table entries (PTE) remaining. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Pointer to the name of the driver that caused the error (Unicode string), or zero 2 Number of PTEs used by the driver that caused the error (if Parameter 1 is nonzero) 3 Total free system PTEs 4 Total system PTEs If the driver responsible for the error can be identified, its name is printed on the blue screen and stored in memory at the location (PUNICODE_STRING) KiBugCheckDriver. Cause This is usually caused by a driver not cleaning up its memory use properly. Parameter 1 shows the driver which has consumed the most PTEs. The call stack will reveal which driver actually caused the bug check. Resolution Both drivers may need to be fixed. The total number of system PTEs may also need to be increased. 
 Bug Check 0xD9: LOCKED_PAGES_TRACKER_CORRUPTION The LOCKED_PAGES_TRACKER_CORRUPTION bug check has a value of 0x000000D9. This indicates that the internal locked-page tracking structures have been corrupted. Parameters The following parameters are displayed on the blue screen. Parameter 1 indicates the type of violation. The meaning of the other parameters depends on the value of Parameter 1. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 0x01 The address of the internal lock tracking structure The address of the memory descriptor list The number of pages locked for the current process The MDL is being inserted twice on the same process list. 0x02 The address of the internal lock tracking structure The address of the memory descriptor list The number of pages locked for the current process The MDL is being inserted twice on the systemwide list. 0x03 The address of the first internal tracking structure found The address of the internal lock tracking structure The address of the memory descriptor list The MDL was found twice in the process list when being freed. 0x04 The address of the internal lock tracking structure The address of the memory descriptor list 0 The MDL was found in the systemwide list on free after it was removed. Cause The error is indicated by the value of Parameter 1. 
 Bug Check 0xDA: SYSTEM_PTE_MISUSE The SYSTEM_PTE_MISUSE bug check has a value of 0x000000DA. This indicates that a page table entry (PTE) routine has been used in an improper way. Parameters The following parameters are displayed on the blue screen. Parameter 1 indicates the type of violation. The meaning of the other parameters depends on the value of Parameter 1. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 0x01 The address of the internal lock tracking structure The address of the memory descriptor list The address of the duplicate internal lock tracking structure The mapping being freed is a duplicate. 0x02 The address of the internal lock tracking structure The number of mappings that the system expects to free The number of mappings that the driver is requesting to free The number of mappings being freed is incorrect. 0x03 The address of the first internal tracking structure found The mapping address that the system expects to free The mapping address that the driver is requesting to free The mapping address being freed is incorrect. 0x04 The address of the internal lock tracking structure The page frame number that the system expects should be first in the MDL The page frame number that is currently first in the MDL The first page of the mapped MDL has changed since the MDL was mapped. 0x05 The address of the first internal tracking structure found The virtual address that the system expects to free The virtual address that the driver is requesting to free The start virtual address in the MDL being freed has changed since the MDL was mapped. 
 0x06 The MDL specified by the driver The virtual address specified by the driver The number of mappings to free (specified by the driver) The MDL being freed was never (or is currently not) mapped. 
 0x07 The initial mapping The number of mappings Reserved (Windows 2000 only) The mapping range is being double-allocated. 
 0x08 The initial mapping The number of mappings the caller is freeing The number of mappings the system thinks should be freed (Windows 2000 only) The caller is asking to free an incorrect number of mappings. 
 0x09 The initial mapping The number of mappings that the caller is freeing The mapping index that the system thinks is already free (Windows 2000 only) The caller is asking to free several mappings, but at least one of them is not allocated. 
 0x0A 1: The driver requested "bug check on failure" in the MDL. 0: The driver did not request "bug check on failure" in the MDL. The number of mappings that the caller is allocating The type of mapping pool requested (Windows 2000 only) The caller is asking to allocate zero mappings. 0x0B The corrupt mapping The number of mappings that the caller is allocating The type of mapping pool requested (Windows 2000 only) The mapping list was already corrupt at the time of this allocation. The corrupt mapping is located below the lowest possible mapping address. 
 0x0C The corrupt mapping The number of mappings that the caller is allocating The type of mapping pool requested (Windows 2000 only) The mapping list was already corrupt at the time of this allocation. The corrupt mapping is located above the lowest possible mapping address. 0x0D The initial mapping The number of mappings that the caller is freeing The type of mapping pool (Windows 2000 only) The caller is trying to free zero mappings. 0x0E The initial mapping The number of mappings that the caller is freeing The type of mapping pool (Windows 2000 only) The caller is trying to free mappings, but the guard mapping has been overwritten. 0x0F The non-existent mapping The number of mappings that the caller is trying to free The type of mapping pool being freed (Windows 2000 only) The caller is trying to free a non-existent mapping. The non-existent mapping is located below the lowest possible mapping address. 0x10 The non-existent mapping The number of mappings the caller is trying to free The type of mapping pool being freed (Windows 2000 only) The caller is trying to free a non-existent mapping. The non-existent mapping is located above the highest possible mapping address. 
 0x11 The non-existent mapping The number of mappings that the caller is trying to free The type of mapping pool being freed (Windows 2000 only) The caller is trying to free a non-existent mapping. The non-existent mapping is at the base of the mapping address space. 0x100 The number of mappings being requested The caller's identifying tag The address of the routine that called the caller of this routine (Windows XP and later only) The caller requested 0 mappings. 
 0x101 The first mapping address The caller's identifying tag The owner's identifying tag (Windows XP and later only) A caller is trying to free a mapping address range that it does not own. 0x102 The first mapping address The caller's identifying tag Reserved (Windows XP and later only) The mapping address space that the caller is trying to free is apparently empty. 
 0x103 The address of the invalid mapping The caller's identifying tag The number of mappings in the mapping address space (Windows XP and later only) The mapping address space that the caller is trying to free is still reserved. MmUnmapReservedMapping must be called before MmFreeMappingAddress. 0x104 The first mapping address The caller's identifying tag The owner's identifying tag (Windows XP and later only) The caller is attempting to map an MDL to a mapping address space that it does not own. 0x105 The first mapping address The caller's identifying tag Reserved (Windows XP and later only) The caller is attempting to map an MDL to an invalid mapping address space. The caller has mostly likely specified an invalid address. 0x107 The first mapping address The address of the non-empty mapping The last mapping address (Windows XP and later only) The caller is attempting to map an MDL to a mapping address space that has not been properly reserved. The caller should have called MmUnmapReservedMapping prior to calling MmMapLockedPagesWithReservedMapping 0x108 The first mapping address The caller's identifying tag The owner's identifying tag (Windows XP and later only) The caller is attempting to unmap a locked mapping address space that it does not own. 0x109 The first mapping address The caller's identifying tag Reserved (Windows XP and later only) The caller is attempting to unmap a locked virtual address space that is apparently empty. 0x10A The first mapping address The number of mappings in the locked mapping address space The number of mappings to unmap (Windows XP and later only) The caller is attempting to unmap more mappings than actually exist in the locked mapping address space. 0x10B The first mapping address The caller's identifying tag The number of mappings to unmap (Windows XP and later only) The caller is attempting to unmap a portion of a locked virtual address space that is not currently mapped. 0x10C The first mapping address The caller's identifying tag The number of mappings to unmap (Windows XP and later only) The caller is not unmapping the entirety of the locked mapping address space. 0x200 The first mapping address 0 0 (Windows XP and later only) The caller is attempting to reserve a mapping address space that contains no mappings. 0x201 0x202 The first mapping address to reserve The address of the mapping that has already been reserved The number of mappings to reserve (Windows XP and later only) One of the mappings that the caller is attempting to reserve has already been reserved. 0x300 The first mapping address to release 0 0 (Windows XP and later only) The caller is attempting to release a mapping address space that contains no mappings. 0x301 The address of the mapping 0 0 (Windows XP and later only) The caller is attempting to release a mapping that it is not permitted to release. 0x303 The first mapping address The number of mappings to release 0 (Windows XP and later only) The caller is attempting to release a mapping address range that was not reserved. 0x304 The first mapping address The number of mappings to release 0 (Windows XP and later only) The caller is attempting to release a mapping address range that begins in the middle of a different allocation. 0x305 The first mapping address The number of mappings that the caller is trying to release The number of mappings that should be released (Windows XP and later only) The caller is attempting to release the wrong number of mappings. 0x306 The first mapping address The free mapping address The number of mappings to release (Windows XP and later only) One of the mappings that the caller is attempting to release is already free. 0x400 The base address of the I/O space mapping The number of pages to be freed 0 (Windows XP and later only) The caller is trying to free an I/O space mapping that the system is unaware of. Cause The error is indicated by the value of Parameter 1. A stack trace will identify the driver that caused the error. Bug Check 0xDB: DRIVER_CORRUPTED_SYSPTES The DRIVER_CORRUPTED_SYSPTES bug check has a value of 0x000000DB. This indicates that an attempt was made to touch memory at an invalid IRQL, probably due to corruption of system PTEs. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Memory referenced 2 IRQL 3 0: Read 1: Write 4 Address in code which referenced memory Cause A driver tried to access pageable (or completely invalid) memory at too high of an IRQL. This bug check is almost always caused by drivers that have corrupted system PTEs. Resolution If this bug check occurs, the culprit can be detected by editing the registry. In the \\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management registry key, create or edit the TrackPtes value, and set it equal to DWORD 3. Then reboot. The system will then save stack traces, and if the driver commits the same error, the system will issue bug check 0xDA (SYSTEM_PTE_MISUSE). Then the stack trace will identify the driver that caused the error. Bug Check 0xDC: DRIVER_INVALID_STACK_ACCESS The DRIVER_INVALID_STACK_ACCESS bug check has a value of 0x000000DC. This indicates that a driver accessed a stack address that lies below the stack pointer of the stack's thread. Parameters None Bug Check 0xDE: POOL_CORRUPTION_IN_FILE_AREA The POOL_CORRUPTION_IN_FILE_AREA bug check has a value of 0x000000DE. This indicates that a driver has corrupted pool memory that is used for holding pages destined for disk. Parameters None Cause When the Memory Manager dereferenced the file, it discovered this corruption in pool memory. Bug Check 0xDF: IMPERSONATING_WORKER_THREAD The IMPERSONATING_WORKER_THREAD bug check has a value of 0x000000DF. This indicates that a workitem did not disable impersonation before it completed. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The worker routine that caused this error 2 The parameter passed to this worker routine 3 A pointer to the work item 4 Reserved Cause A worker thread was impersonating another process, and failed to disable impersonation before it returned. Bug Check 0xE0: ACPI_BIOS_FATAL_ERROR The ACPI_BIOS_FATAL_ERROR bug check has a value of 0x000000E0. This indicates that one of your computer components is faulty. Parameters The parameters for this bug check are issued by the BIOS, not by Windows. They can only be interpreted by the hardware vendor. Cause Your computer's BIOS has reported that a component in the system is so faulty that there is no way for Windows to operate. The BIOS is indicating that there is no alternative but to issue a bug check. Resolution You can determine which component is faulty by running the diagnostic disk or tool that was included with your computer. If you do not have this tool, you must contact the system vendor and report this error message to them. They will be able to help you correct this hardware problem. This enables Windows to operate. Microsoft cannot address this error. Only the hardware vendor is qualified to analyze it. Bug Check 0xE1: WORKER_THREAD_RETURNED_AT_BAD_IRQL The WORKER_THREAD_RETURNED_AT_BAD_IRQL bug check has a value of 0x000000E1. This indicates that a worker thread completed and returned with IRQL >= DISPATCH_LEVEL. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Address of the worker routine 2 IRQL that the worker thread returned at 3 Work item parameter 4 Work item address Cause A worker thread completed and returned with IRQL >= DISPATCH_LEVEL. Resolution To find the driver that caused the error, use the ln (List Nearest Symbols) debugger command: kd> ln address where address is the worker routine address given in Parameter 1. Bug Check 0xE2: MANUALLY_INITIATED_CRASH The MANUALLY_INITIATED_CRASH bug check has a value of 0x000000E2. This indicates that the user deliberately initiated a crash dump from either the kernel debugger or the keyboard. Parameters None Remarks For more information about manually-initiated crash dumps, see Forcing a System Crash. . Bug Check 0xE3: RESOURCE_NOT_OWNED The RESOURCE_NOT_OWNED bug check has a value of 0x000000E3. This indicates that a thread tried to release a resource it did not own. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Address of resource 2 Address of thread 3 Address of owner table (if it exists) 4 Reserved Bug Check 0xE4: WORKER_INVALID The WORKER_INVALID bug check has a value of 0x000000E4. This indicates that memory that should not contain an executive worker item does contain such an item, or that a currently active worker item was queued. Parameters The following parameters are displayed on the blue screen. Parameter 1 indicates the code position. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 0x0 Address of worker item Start of pool block End of pool block An active worker item was freed. 0x1 Address of worker item Queue number 0 An active worker item was queued. 0x2 Address of worker item Address of I/O worker routine 0 A queued I/O worker item was freed. 0x3 Address of worker item Address of invalid object 0 An attempt was made to initialize an I/O worker item with an invalid object. Cause This is usually caused by a driver freeing memory which still contains an executive worker item. 
 Bug Check 0xE6: DRIVER_VERIFIER_DMA_VIOLATION The DRIVER_VERIFIER_DMA_VIOLATION bug check has a value of 0x000000E6. This is the bug check code for all Driver Verifier DMA Verification violations. Parameters The following parameters are displayed on the blue screen. Parameter 1 is the only parameter of interest. This parameter identifies the exact violation. If a debugger is attached, an informative message is displayed in the debugger. Parameter 1 Cause of Error and Debugger Message 
0x00 This code can represent two kinds of errors: 1. The driver tried to flush too many bytes to the end of the map register file. The number of bytes permitted and the number of bytes attempted are displayed. 2. Windows has run out of contiguous map registers. The number of map registers needed and the largest block of contiguous map registers is displayed. 
 0x01 The performance counter has decreased. The old and new values of the counter are displayed. 
 0x02 The performance counter has increased too fast. The counter value is displayed in the debugger. 
 0x03 The driver freed too many DMA common buffers. Usually this means it freed the same buffer two times. 
 0x04 The driver freed too many DMA adapter channels. Usually this means it freed the same adapter channel two times. 
 0x05 The driver freed too many DMA map registers. Usually this means it freed the same map register two times. The number of active map registers is displayed. 
 0x06 The driver freed too many DMA scatter/gather lists. Usually this means it freed the same scatter/gather list two times. The number of lists allocated and the number of lists freed is displayed. 0x07 The driver tried to release the adapter without first freeing all its common buffers. The adapter address and the number of remaining buffers is displayed. 0x08 The driver tried to release the adapter without first freeing all adapter channels, common buffers, or scatter/gather lists. The adapter address and the number of remaining items is displayed. 0x09 The driver tried to release the adapter without first freeing all map registers. The adapter address and the number of remaining map registers is displayed. 0x0A The driver tried to release the adapter without first freeing all its scatter/gather lists. The adapter address and the number of remaining scatter/gather lists is displayed. 0x0B HV_TOO_MANY_ADAPTER_CHANNELSThe driver has allocated too many adapter channels at the same time. . (Only one adapter channel is permitted per adapter.) 0x0C The driver tried to allocate too many map registers at the same time. The number requested and the number allowed are displayed. 0x0D The driver did not flush its adapter buffers. The number of bytes that the driver tried to map and the maximum number of bytes allowed are displayed. 0x0E The driver tried a DMA transfer without locking the buffer. The buffer in question was in paged memory. The address of the MDL is displayed. 0x0F The driver or the hardware wrote outside its allocated DMA buffer. The nature of the error (overrun or underrun) is displayed, as well as the relevant addresses. 0x10 The driver tried to free its map registers while some were still mapped. The number of map registers still mapped is displayed. 0x11 The driver has too many outstanding reference counts for the adapter. The number of reference counts and the adapter address are displayed. 0x13 The driver called a DMA routine at an improper IRQL. The required IRQL and the actual IRQL are displayed. 0x14 The driver called a DMA routine at an improper IRQL. The required IRQL and the actual IRQL are displayed. 0x15 The driver tried to allocate too many map registers. The number requested and the number allowed are displayed. 0x16 The driver tried to flush a buffer that is not mapped. The address of the buffer is displayed. 0x18 The driver tried a DMA operation by using an adapter that was already released and no longer exists. The adapter address is displayed. 0x19 The driver passed a null DMA_ADAPTER value to a HAL routine. 0x1B The driver passed an address and MDL to a HAL routine. However, this address is not within the bounds of this MDL. The address passed and the address of the MDL are displayed. 0x1D The driver tried to map an address range that was already mapped. The address range and the current mapping for that range are displayed. 0x1E The driver called HalGetAdapter. This function is obsolete -- you must use IoGetDmaAdapter instead. 0x1F HV_BAD_MDLThe driver referenced an invalid system address -- either before the first MDL, or after the end of the first MDL, or by using a transfer length that is longer than the MDL buffer and crosses a page boundary within the MDL. . Either the invalid address and the first MDL address, or the MDL address and the extra transfer length are displayed. 0x20 The driver tried to flush a map register that hasn't been mapped. The map register base, flushing address, and MDL are displayed. 0x21 The driver tried to map a zero-length buffer for transfer. Cause See the description of each code in the Parameters section for a description of the cause. Resolution This bug check can only occur when Driver Verifier has been instructed to monitor one or more drivers. If you did not intend to use Driver Verifier, you should deactivate it. You might also consider removing the driver that caused this problem. If you are the driver writer, use the information obtained through this bug check to fix the bugs in your code. The Driver Verifier DMA Verification option is only available in Windows XP and later versions. For full details on Driver Verifier, see the Windows Driver Kit. Bug Check 0xE7: INVALID_FLOATING_POINT_STATE The INVALID_FLOATING_POINT_STATE bug check has a value of 0x000000E7. This indicates that a thread's saved floating-point state is invalid. Parameters The following parameters are displayed on the blue screen. Parameter 1 indicates which validity check failed. Parameter 4 is not used. The meaning of the other parameters depends on the value of Parameter 1. Parameter 1 Parameter 2 Parameter 3 Cause of Error 0x0 The flags field 0 The saved context flags field is invalid. Either FLOAT_SAVE_VALID is not set, or some reserved bits are nonzero. 0x1 The saved IRQL The current IRQL The current processor's IRQL is not the same as when the floating-point context was saved. 0x2 The saved address of the thread that owns this floating-point context The current thread The saved context does not belong to the current thread. Cause While restoring the previously-saved floating-point state for a thread, the state was found to be invalid. Parameter 1 indicates which validity check failed. Bug Check 0xE8: INVALID_CANCEL_OF_FILE_OPEN The INVALID_CANCEL_OF_FILE_OPEN bug check has a value of 0x000000E8. This indicates that an invalid file object was passed to IoCancelFileOpen. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The file object passed to IoCancelFileOpen 2 The device object passed to IoCancelFileOpen 3 Reserved 4 Reserved Cause The file object passed to IoCancelFileOpen is invalid. It should have reference of one. The driver that called IoCancelFileOpen is at fault. Bug Check 0xE9: ACTIVE_EX_WORKER_THREAD_TERMINATION The ACTIVE_EX_WORKER_THREAD_TERMINATION bug check has a value of 0x000000E9. This indicates that an active executive worker thread is being terminated. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The exiting ETHREAD 2 Reserved 3 Reserved 4 Reserved Cause An executive worker thread is being terminated without having gone through the worker thread rundown code. This is forbidden; work items queued to the ExWorkerQueue must not terminate their threads. A stack trace should indicate the cause. Bug Check 0xEA: THREAD_STUCK_IN_DEVICE_DRIVER The THREAD_STUCK_IN_DEVICE_DRIVER bug check has a value of 0x000000EA. This indicates that a thread in a device driver is endlessly spinning. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 A pointer to the stuck thread object 2 A pointer to the DEFERRED_WATCHDOG object 3 A pointer to the offending driver name 4 In the kernel debugger: The number of times the "intercepted" bug check 0xEA was hit On the blue screen: 1 Cause A device driver is spinning in an infinite loop, most likely waiting for hardware to become idle. This usually indicates problem with the hardware itself, or with the device driver programming the hardware incorrectly. Frequently, this is the result of a bad video card or a bad display driver. Resolution Use the .thread (Set Register Context) command together with Parameter 1. Then use kb (Display Stack Backtrace) to find the location where the thread is stuck. If the kernel debugger is already connected and running when Windows detects a time-out condition. Then DbgBreakPoint will be called instead of KeBugCheckEx. A detailed message will be printed to the debugger. See Sending Output to the Debuggefor more information. This message will include what would have been the bug check parameters. Because no actual bug check was issued, the .bugcheck (Display Bug Check Data) command will not be useful. The four parameters can also be retrieved from Watchdog's global variables by using dd watchdog!g_WdBugCheckData L5" on a 32-bit system, or dq watchdog!g_WdBugCheckData L5" on a 64-bit system. Debugging this error in an interactive manner such as this will enable you to find an offending thread, set breakpoints in it, and then use g (Go) to return to the spinning code to debug it further. On multiprocessor machines (OS build 3790 or earlier), you can hit a time out if the spinning thread is interrupted by a hardware interrupt and an ISR or DPC routine is running at the time of the bug check. This is because the time out's work item can be delivered and handled on the second CPU and the same time. If this occurs, you must look deeper at the offending thread's stack to determine the spinning code which caused the time out to occur. Use the dds (Display Words and Symbols) command to do this. Bug Check 0xEB: DIRTY_MAPPED_PAGES_CONGESTION The DIRTY_MAPPED_PAGES_CONGESTION bug check has a value of 0x000000EB. This indicates that no free pages are available to continue operations. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The total number of dirty pages 2 The number of dirty pages destined for the page file 3 Windows Server 2003 only: The size of the nonpaged pool available at the time of the bug check (in pages) Windows Vista and later versions: Reserved 4 Windows Server 2003 only: The number of transition pages that are currently stranded Windows Vista and later versions: The most recent modified write error status Cause The file system driver stack has deadlocked and most of the modified pages are destined for the file system. Because the file system is non-operational, the system has crashed because none of the modified pages can be reused without losing data. Any file system or filter driver in the stack may be at fault. To see general memory statistics, use the !vm 3 extension. This bug check can occur for any of the following reasons: A driver has blocked, deadlocking the modified or mapped page writers. Examples of this include mutex deadlocks or accesses to paged out memory in file system drivers or filter drivers. This indicates a driver bug. If Parameter 1 or Parameter 2 is large, this is a possibility. Use !vm 3. A storage driver is not processing requests. Examples of this are stranded queues and unresponsive drives. This indicates a driver bug. If Parameter 1 or Parameter 2 is large, this is a possibility. Use !process 0 7. Windows Server 2003 only: Not enough pool is available for the storage stack to write out modified pages. This indicates a driver bug. If Parameter 3 is small, this is a possibility. Use !vm and !poolused 2. Bug Check 0xEC: SESSION_HAS_VALID_SPECIAL_POOL_ON_EXIT The SESSION_HAS_VALID_SPECIAL_POOL_ON_EXIT bug check has a value of 0x000000EC. This indicates that a session unload occurred while a session driver still held memory. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The session ID 2 The number of special pool pages that are leaking 3 Reserved 4 Reserved Cause This error is caused by a session driver not freeing its special pool allocations prior to a session unload. This indicates a bug in win32k.sys, atmfd.dll, rdpdd.dll, or a video driver. Bug Check 0xED: UNMOUNTABLE_BOOT_VOLUME The UNMOUNTABLE_BOOT_VOLUME bug check has a value of 0x000000ED. This indicates that the I/O subsystem attempted to mount the boot volume and it failed. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The device object of the boot volume 2 The status code from the file system that describes why it failed to mount the volume 3 Reserved 4 Reserved Bug Check 0xEF: CRITICAL_PROCESS_DIED The CRITICAL_PROCESS_DIED bug check has a value of 0x000000EF. This indicates that a critical system process died. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The process object 2 Reserved 3 Reserved 4 Reserved Bug Check 0xF1: SCSI_VERIFIER_DETECTED_VIOLATION The SCSI_VERIFIER_DETECTED_VIOLATION bug check has a value of 0x000000F1. This is the bug check code for all Driver Verifier SCSI Verification violations. Parameters The four bug check parameters are displayed on the blue screen. Parameter 1 identifies the type of violation. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 0x1000 First argument passed Second argument passed Reserved The miniport driver passed bad arguments to ScsiPortInitialize. 0x1001 Delay, in microseconds Reserved Reserved The miniport driver called ScsiPortStallExecution and specified a delay greater than 0.1 second, stalling the processor too long. 0x1002 Address of routine that took too long Address of miniport's HW_DEVICE_EXTENSION Duration of the routine, in microseconds A miniport routine called by the port driver took longer than 0.5 second to execute. (0.5 seconds is the limit for most routines. However, the HwInitialize routine is allowed 5 seconds, and the FindAdapter routine is exempt.) 0x1003 Address of miniport's HW_DEVICE_EXTENSION Address of the SRB Reserved The miniport driver completed a request more than once. 0x1004 Address of the SRB Address of miniport's HW_DEVICE_EXTENSION Reserved The miniport driver completed a request with an invalid SRB status. 
 0x1005 Address of miniport's HW_DEVICE_EXTENSION Address of LOGICAL_UNIT_EXTENSION Reserved The miniport driver called ScsiPortNotification to ask for NextLuRequest, but an untagged request is still active. 0x1006 Address of miniport's HW_DEVICE_EXTENSION Invalid virtual address Reserved The miniport driver passed an invalid virtual address to ScsiPortGetPhysicalAddress. (This usually means the address supplied doesn't map to the common buffer area.) 
 0x1007 Address of ADAPTER_EXTENSION Address of miniport's HW_DEVICE_EXTENSION Reserved The reset hold period for the bus ended, but the miniport driver still has outstanding requests. 0x2001 Delay, in microseconds Reserved Reserved The Storport miniport driver called StorPortStallExecution and specified a delay longer than 0.1 second, stalling the processor for an excessive length of time. 
0x2002 Reserved Reserved Reserved StorPortGetUncachedExtension was not called from the miniport driver's HwStorFindAdapter routine. The StorPortGetUncachedExtension routine can only be called from the miniport driver's HwStorFindAdapter routine and only for a bus-master adapter. A Storport miniport driver must set the SrbExtensionSize of the HW_INITIALIZATION_DATA (Storport) structure before calling StorPortGetUncachedExtension. 0x2003 Reserved Reserved Reserved An invalid address was passed to the StorPortGetDeviceBase routine. The StorPortGetDeviceBase routine supports only those addresses that were assigned to the driver by the system Plug and Play (PnP) manager. 0x2004 Reserved Reserved Reserved The Storport miniport driver completed the same I/O request more than once. 0x2005 Reserved Reserved Reserved The Storport miniport driver passed an invalid virtual address to one of the StorPortReadxxx or StorPortWritexxx routines. This usually means the address supplied doesn't map to the common buffer area. The specified Register or Port must be in mapped memory-space range returned by StorPortGetDeviceBase routine. Cause See the description of each code in the Parameters section for an explanation of the cause. Resolution This bug check can only occur when Driver Verifier has been instructed to monitor one or more drivers. If you did not intend to use Driver Verifier, you should deactivate it. You might consider removing the driver which caused this problem as well. If you are the driver writer, use the information obtained through this bug check to fix the bugs in your code. The Driver Verifier SCSI Verification option is available only in Windows XP and later. The Driver Verifier Storport Verification option is available only in Windows 7 and later. For full details on Driver Verifier, see the Windows Driver Kit. Bug Check 0xF3: DISORDERLY_SHUTDOWN The DISORDERLY_SHUTDOWN bug check has a value of 0x000000F3. This indicates that Windows was unable to shut down due to lack of memory. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The total number of dirty pages 2 The number of dirty pages destined for the page file 3 Windows Server 2003 only: The size of the nonpaged pool available at the time of the bug check (in pages) Windows Vista and later: Reserved 4 Windows Server 2003 only: The current shut down stage Windows Vista and later: The most recent modified write error status Cause Windows attempted to shut down, but there were no free pages available to continue operations. Because applications were not terminated and drivers were not unloaded, they continued to access pages even after the modified writer had terminated. This causes the system to run out of pages, since the page files could be used. 
 Bug Check 0xF4: CRITICAL_OBJECT_TERMINATION The CRITICAL_OBJECT_TERMINATION bug check has a value of 0x000000F4. This indicates that a process or thread crucial to system operation has unexpectedly exited or been terminated. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The terminating object type: 0x3: Process 0x6: Thread 2 The terminating object 3 The process image file name 4 Pointer to an ASCII string containing an explanatory message Cause Several processes and threads are necessary for the operation of the system. When they are terminated for any reason, the system can no longer function. 
 Bug Check 0xF5: FLTMGR_FILE_SYSTEM The FLTMGR_FILE_SYSTEM bug check has a value of 0x000000F5. This indicates that an unrecoverable failure occurred in the Filter Manager. Parameters The following parameters are displayed on the blue screen. Parameter 1 indicates the type of violation. The meaning of the other parameters depends on the value of Parameter 1. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of error 0x66 Pointer to the callback data structure for the operation. 0 0 The minifilter returned FLT_PREOP_SUCCESS_WITH_CALLBACK or FLT_PREOP_SYNCHRONIZE from a preoperation callback, but did not register a corresponding postoperation callback. 
 0x67 Pointer to the callback data structure for the operation. 0 Error NTSTATUS code for the operation An internal object ran out of space, and the system is unable to allocate new space. 0x68 Handle for the object. 0 NTSTATUS code returned by ObReferenceObjectByHandle Unexpected failure referencing an object. 0x6A File object pointer for the file. 0 0 The file-open or file-create request could not be canceled, because one or more handles have been created for the file. 
 0x6B Frame ID 0 Thread Invalid BACKPOCKET IRPCTRL state. 
 0x6C Frame ID BackPocket List Thread Too many nested PageFaults for BACKPOCKETED IRPCTR. 
 0x6D Address of the minifilter's context structure Address of the CONTEXT_NODE structure 0 The context structure was dereferenced too many times. This means that the reference count on the Filter Manager's CONTEXT_NODE structure went to zero while it was still attached to its associated object. 
 0x6E Address of the minifilter's context structure Address of the CONTEXT_NODE structure 0 The context structure was referenced after being freed. Cause The cause of the problem is indicated by the value of Parameter 1. See the table in the Parameters section. Resolution If Parameter 1 equals 
0x66, you can debug this problem by verifying that your minifilter driver has registered a post-operation callback for this operation. The current operation can be found in the callback data structure. (See Parameter 2.) Use the !fltkd.cbd debugger extension. If Parameter 1 equals 
0x67, you should verify that you do not have a nonpaged pool leak somewhere in the system. If Parameter 1 equals 
0x6A, make sure that your minifilter driver does not reference this file object (see Parameter 2) to get a handle at any point during your minifilter's processing of this operation. If Parameter 1 equals 
0x6B or 0x6C, then a non-recoverable internal state error has occurred which will cause the operating system to bug check. If Parameter 1 equals 
0x6D, make sure that your minifilter driver does not call FltReleaseContext too many times for the given context (see Parameter 2). If Parameter 1 equals 
0x6E, make sure that your minifilter driver does not call FltReferenceContext after the given context has been deleted (see Parameter 2). Bug Check 0xF6: PCI_VERIFIER_DETECTED_VIOLATION The PCI_VERIFIER_DETECTED_VIOLATION bug check has a value of 0x000000F6. This indicates that an error occurred in the BIOS or another device being verified by the PCI driver. Parameters The following parameters are displayed on the blue screen. Parameter 1 is the only parameter of interest; this identifies the nature of the failure detected. Parameter 1 Cause of Error 0x01 An active bridge was reprogrammed by the BIOS during a docking event. 0x02 The PMCSR register was not updated within the spec-mandated time. 0x03 A driver has written to Windows-controlled portions of a PCI device's configuration space. Cause The PCI driver detected an error in a device or BIOS being verified. Bug Check 0xF7: DRIVER_OVERRAN_STACK_BUFFER The DRIVER_OVERRAN_STACK_BUFFER bug check has a value of 0x000000F7. This indicates that a driver has overrun a stack-based buffer. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The actual security check cookie from the stack 2 The expected security check cookie 3 The bit-complement of the expected security check cookie 4 0 Cause A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned. This is the classic "buffer overrun" hacking attack. The system has been brought down to prevent a malicious user from gaining complete control of it. Resolution Use the kb (Display Stack Backtrace) command to get a stack trace. The last routine on the stack before the buffer overrun handlers and bug check call is the one that overran its local variable. Bug Check 0xF8: RAMDISK_BOOT_INITIALIZATION_FAILED The RAMDISK_BOOT_INITIALIZATION_FAILED bug check has a value of 0x000000F8. This indicates that an initialization failure occurred while attempting to boot from the RAM disk. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Indicates the cause of the failure. 1: No LoaderXIPRom descriptor was found in the loader memory list. 2: Unable to open the RAM disk driver (ramdisk.sys or \Device\Ramdisk). 3: FSCTL_CREATE_RAM_DISK failed. 4: Unable to create GUID string from binary GUID. 5: Unable to create symbolic link pointing to the RAM disk device. 2 NTSTATUS code 3 0 4 0 Bug Check 0xF9: DRIVER_RETURNED_STATUS_REPARSE_FOR_VOLUME_OPEN The DRIVER_RETURNED_STATUS_REPARSE_FOR_VOLUME_OPEN bug check has a value of 0x000000F9. This indicates that a driver returned STATUS_REPARSE to an IRP_MJ_CREATE request with no trailing names. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The device object that was opened 2 The device object to which the IRP_MJ_CREATE request was issued 3 Address of the Unicode string containing the new name of the file (to be reparsed) 4 Information returned by the driver for the IRP_MJ_CREATE request Remarks STATUS_REPARSE should be returned only for IRP_MJ_CREATE requests with trailing names, as that indicates the driver is supporting name spaces. Bug Check 0xFA: HTTP_DRIVER_CORRUPTED The HTTP_DRIVER_CORRUPTED bug check has a value of 0x000000FA. This indicates that the HTTP kernel driver (Http.sys) has reached a corrupted state and cannot recover. Parameters The four bug check parameters are displayed on the blue screen. Parameter 1 identifies the exact state of the HTTP kernel driver. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 0x1 Address of work item Name of the file that contains the work item check Line number of the work item check within the file A work item is invalid. This will eventually result in thread pool corruption and an access violation. 
 Bug Check 0xFC: ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY The ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY bug check has a value of 0x000000FC. This indicates that an attempt was made to execute non-executable memory. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The virtual address whose execution was attempted 2 The contents of the page table entry (PTE) 3 Reserved 4 Reserved Resolution When possible, the Unicode string of the driver name that attempted to execute non-executable memory is printed on the bug check screen and is also saved in KiBugCheckDriver. Otherwise, the driver in question can often be found by running a stack trace and then reviewing the current instruction pointer. 
 Bug Check 0xFD: DIRTY_NOWRITE_PAGES_CONGESTION The DIRTY_NOWRITE_PAGES_CONGESTION bug check has a value of 0x000000FD. This indicates that there are no free pages available to continue basic system operations. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Total number of dirty pages 2 Number of non-writeable dirty pages 3 Reserved 4 Most recently modified write-error status Cause This bug check usually occurs because the component that owns the modified non-writeable pages failed to write out these pages after marking the relevant files as "do not write" to memory management. This indicates a driver bug. Resolution For more information about which driver is causing the problem, use the !vm 3 extension, followed by !memusage 1 . 
 Bug Check 0xFE: BUGCODE_USB_DRIVER The BUGCODE_USB_DRIVER bug check has a value of 0x000000FE. This indicates that an error has occurred in a universal serial bus (USB) driver. Parameters The four bug check parameters are displayed on the blue screen. Parameter 1 identifies the type of violation. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 0x1 Reserved Reserved Reserved An internal error has occurred in the USB stack. 0x2 Address of the pending IRP Address of the IRP that was passed in Address of the USB request block (URB) that caused the error The USB client driver has submitted a URB that is still attached to another IRP pending in the bus driver. 0x3 Reserved Reserved Reserved The USB miniport driver has generated a bug check. This usually happens in response to a hardware failure. 0x4 Address of the IRP Address of the URB Reserved The caller has submitted an IRP that is already pending in the USB bus driver. 0x5 Device extension pointer of the host controller PCI vendor, product id for the controller Pointer to endpoint data structure A hardware failure has occurred because of a bad physical address found in a hardware data structure. 0x6 Object address Signature that was expected Reserved An internal data structure (object) is corrupted. 0x7 Pointer to usbport.sys debug log Message string File name Please see the provided message string for detailed information. 0x8 1 Reserved Reserved Reserved 2 Device object IRP An IRP was received by the hub driver that it does not expect or has not registered for. 3 Reserved Reserved Reserved 4 PDO if Parameter 3 is not NULL. Context if Parameter 3 is NULL. Context or NULL Fatal PDO trap 5 Reserved Reserved Reserved 6 Time-out code. See the following table. Time-out code context: port data Fatal time-out If Parameter 1 has a value of 8 and Parameter 2 has a value of 6, then Parameter 3 is a time-out code. Possible values for the time-out code are given in the following table. Time-out code Meaning 0 Non-fatal time-out 1 Failed resuming a suspended port. 2 Timed out waiting for a reset, initiated by a client driver, to complete before suspending the port. 3 Timed out waiting for the port to complete resume before suspending it. 4 Timed out waiting for the port-change state machine to be disabled prior to suspending the port. 5 Timed out waiting for a suspend-port request to complete. 6 Timed out waiting for the port-change state machine to be disabled. 7 Timed out waiting for the port-change state machine to be closed. 8 Timed out waiting for the hub to resume from selective suspend. 9 Timed out waiting for the hub to resume from selective suspend prior to system suspend. 10 Timed out waiting for port-change state machine to become idle. Bug Check 0xFF: RESERVE_QUEUE_OVERFLOW The RESERVE_QUEUE_OVERFLOW bug check has a value of 0x000000FF. This indicates that an attempt was made to insert a new item into a reserve queue, causing the queue to overflow. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The address of the reserve queue 2 The size of the reserve queue 3 0 4 0 Bug Check 0x100: LOADER_BLOCK_MISMATCH The LOADER_BLOCK_MISMATCH bug check has a value of 0x00000100. This indicates that either the loader block is invalid, or it does not match the system that is being loaded. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 3 2 The size of the loader black extension 3 The major version of the loader block 4 The minor version of the loader block Bug Check 0x101: CLOCK_WATCHDOG_TIMEOUT The CLOCK_WATCHDOG_TIMEOUT bug check has a value of 0x00000101. This indicates that an expected clock interrupt on a secondary processor, in a multi-processor system, was not received within the allocated interval. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Clock interrupt time-out interval, in nominal clock ticks 2 0 3 The address of the processor control block (PRCB) for the unresponsive processor 4 0 Cause The specified processor is not processing interrupts. Typically, this occurs when the processor is nonresponsive or is deadlocked. Bug Check 0x103: MUP_FILE_SYSTEM The MUP_FILE_SYSTEM bug check has a value of 0x00000103. This bug check indicates that the multiple UNC provider (MUP) has encountered invalid or unexpected data. As a result, the MUP cannot channel a remote file system request to a network redirector, the Universal Naming Convention (UNC) provider. Parameters These bug check parameters are displayed on the blue screen. Parameter 1 identifies the type of violation. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of error 0x1 The address of the pending IRP. The address of the file object whose file context could not be found. The address of the device object. The MUP could not locate the file context that corresponds to a file object. This typically indicates that the MUP is seeing an I/O request for a file object for which MUP did not see a corresponding IRP_MJ_CREATE request. The likely cause of this bug check is a filter driver error. 0x2 The address of the expected file context. The address that was actually retrieved from the file object. Reserved A file context is known to exist for the file object, but was not what was expected (for example, it might be NULL). 
 0x3 The address of the IRP context. The IRP completion status code. The driver object of the UNC provider that completed the IRP (might be NULL). The IRP completion status was unexpected or invalid. This bug check occurs only when you are using a Checked Build of Windows and should only be caused by file system filter drivers that are attached to legacy network redirectors. Legacy redirectors use FsRtlRegisterUncProvider to register with MUP. This bug check detects filter drivers that return an NTSTATUS that is not STATUS_SUCCESS in IRP_MJ_CLEANUP or IRP_MJ_CLOSE requests. 0x4 Address of the IRP Address of the file object The file context for the file object An I/O operation was started on a file object before the create request for the file object was completed. Remarks The MUP maintains context information on a per-file object basis for all file objects it handles. 
 Bug Check 0x104: AGP_INVALID_ACCESS The AGP_INVALID_ACCESS bug check has a value of 0x00000104. This indicates that the GPU wrote to a range of Accelerated Graphics Port (AGP) memory that had not previously been committed. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Offset (in ULONG) within the AGP verifier page to the first ULONG data that is corrupted 2 0 3 0 4 0 Cause Typically, this bug check is caused by an unsigned or improperly tested video driver. It can also be caused by an old BIOS. Resolution Check for display driver and computer BIOS updates. Bug Check 0x105: AGP_GART_CORRUPTION The AGP_GART_CORRUPTION bug check has a value of 0x00000105. This indicates that the Graphics Aperture Remapping Table (GART) is corrupt. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The base address (virtual) of the GART 2 The offset into the GART where the corruption occurred 3 The base address (virtual) of the GART cache (a copy of the GART) 4 0 Cause This bug check is typically caused by improper direct memory access (DMA) by a driver. Resolution Enable Driver Verifier for any unsigned drivers. Remove them or disable them one by one until the erring driver is identified. Bug Check 0x106: AGP_ILLEGALLY_REPROGRAMMED The AGP_ILLEGALLY_REPROGRAMMED bug check has a value of 0x00000106. This indicates that the Accelerated Graphics Port (AGP) hardware has been reprogrammed by an unauthorized agent. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The originally programmed AGP command register value 2 The current command register value 3 0 4 0 Cause This bug check is typically caused by an unsigned, or improperly tested, video driver. Resolution Check the video manufacturer's Web site for updated display drivers or use VGA mode. Bug Check 0x108: THIRD_PARTY_FILE_SYSTEM_FAILURE The THIRD_PARTY_FILE_SYSTEM_FAILURE bug check has a value of 0x00000108. This indicates that an unrecoverable problem has occurred in a third-party file system or file system filter. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Identifies the file system that failed. Possible values include: 1: Polyserve (Psfs.sys) 2 The address of the exception record. 3 The address of the context record. 4 Reserved. Cause One possible cause of this bug check is disk corruption. Corruption in the third-party file system or bad blocks (sectors) on the hard disk can induce this error. Corrupted SCSI and IDE drivers can also adversely affect the Windows operating system's ability to read and write to disk, thus causing the error. Another possible cause is depletion of nonpaged pool memory. If the nonpaged pool is completely depleted, this error can stop the system. Resolution To debug this problem: Use the .cxr (Display Context Record) command with Parameter 3, and then use kb (Display Stack Backtrace). To resolve a disk corruption problem: Check Event Viewer for error messages from SCSI, IDE, or other disk controllers in the system that might help pinpoint the device or driver that is causing the error. Try disabling any virus scanners, backup programs, or disk defragmenter tools that continually monitor the system. You should also run hardware diagnostics supplied by the file system or the file system filter manufacturer. To resolve a nonpaged pool memory depletion problem: Add new physical memory to the computer. This will increase the quantity of nonpaged pool memory available to the kernel. 
 Bug Check 0x109: CRITICAL_STRUCTURE_CORRUPTION The CRITICAL_STRUCTURE_CORRUPTION bug check has a value of 0x00000109. This indicates that the kernel has detected critical kernel code or data corruption. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Reserved 2 Reserved 3 Reserved 4 The type of the corrupted region. (See the following table later on this page.) The value of Parameter 4 indicates the type of corrupted region. Parameter 4 Type of Corrupted Region, Type of Corruption, or Type of Action Taken That Caused the Corruption 
0x0 A generic data region 0x1 A function modification or the Itanium-based function location 
 0x2 A processor interrupt dispatch table (IDT) 
 0x3 A processor global descriptor table (GDT) 
 0x4 A type-1 process list corruption 
 0x5 A type-2 process list corruption 
 0x6 A debug routine modification 
 0x7 A critical MSR modification Cause There are generally three different causes for this bug check: A driver has inadvertently, or deliberately, modified critical kernel code or data. Microsoft Windows Server 2003 with Service Pack 1 (SP1) and later versions of Windows for x64-based computers do not allow the kernel to be patched except through authorized Microsoft-originated hot patches. For more information, see Patching Policy for x64-based Systems. A developer attempted to set a normal kernel breakpoint using a kernel debugger that was not attached when the system was started. Normal breakpoints (bp) can only be set if the debugger is attached at start time. Processor breakpoints (ba) can be set at any time. A hardware corruption occurred. For example, the kernel code or data could have been stored in memory that failed. 
 Bug Check 0x10A: APP_TAGGING_INITIALIZATION_FAILED The APP_TAGGING_INITIALIZATION_FAILED bug check has a value of 0x0000010A. This bug check appears very infrequently. Bug Check 0x10C: FSRTL_EXTRA_CREATE_PARAMETER_VIOLATION The FSRTL_EXTRA_CREATE_PARAMETER_VIOLATION bug check has a value of 0x0000010C. This indicates that a violation was detected in the File system Run-time library (FsRtl) Extra Create Parameter (ECP) package. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The type of violation. (See the following table later on this page for more details). 2 0 3 The address of the ECP. 4 The starting address of the ECP list. The value of Parameter 1 indicates the type of violation. Parameter 1 Type of Violation 0x1 The ECP signature is invalid, due to either a bad pointer or memory corruption. 0x2 The ECP has undefined flags set. 0x3 The ECP was not allocated by the FsRtl. 0x4 The ECP has flags set that are illegal for a parameter passed by a create caller. 0x5 The ECP is corrupted; its size is smaller than the header size. 0x6 The ECP that is being freed has non-empty list pointers; it might still be part of an ECP list. 0x11 The ECP list signature is invalid, due to either a bad pointer or memory corruption. 0x12 The ECP list has undefined flags set. 0x13 The ECP list was not allocated by the FsRtl. 0x14 The ECP list has flags set that are illegal for a parameter list passed by a create caller. 0x15 The ECP list passed by the create caller is empty. Bug Check 0x10D: WDF_VIOLATION The WDF_VIOLATION bug check has a value of 0x0000010D. This indicates that Kernel-Mode Driver Framework (KMDF) detected that Windows found an error in a framework-based driver. Parameters The following parameters are displayed on the blue screen. Parameter 1 indicates the specific error code of the bug check. Parameter 4 is reserved. Parameter 1 Parameter 2 Parameter 3 Cause of Error 0x1 Pointer to a WDF_POWER_ROUTINE_TIMED_OUT_DATA structure Reserved A framework-based driver has timed out during a power operation. This typically means that the device stack did not set the DO_POWER_PAGABLE bit and a driver attempted a pageable operation after the paging device stack was powered down. 0x2 Reserved Reserved An attempt is being made to acquire a lock that is currently being held. 0x3 WDFREQUEST handle The number of outstanding references that remain on both buffers Windows Driver Framework Verifier has encountered a fatal error. In particular, an I/O request was completed, but a framework request object cannot be deleted because there are outstanding references to the input buffer, the output buffer, or both. 0x4 Reserved The caller's address A NULL parameter was passed to a function that required a non-NULL value. 0x5 The handle value passed in Reserved A framework object handle of the incorrect type was passed to a framework object method. 0x6 See table below. 0x7 The handle of the framework object Reserved A driver attempted to delete a framework object incorrectly by calling WdfObjectDereference to delete a handle instead of calling WdfObjectDelete. 0x8 The handle of the DMA transaction object Reserved An operation occurred on a DMA transaction object while it was not in the correct state. 0x9 Currently unused. 0xA A pointer to a WDF_QUEUE_FATAL_ERROR_DATA structure Reserved A fatal error has occurred while processing a request that is currently in the queue. 0xB See table below. 0xC WDFDEVICE handle Pointer to new PnP IRP A new state-changing PnP IRP arrived while the driver was processing another state-changing PnP IRP. 0xD WDFDEVICE handle Pointer to power IRP A device's power policy owner received a power IRP that it did not request. There might be multiple power policy owners, but only one is allowed. A KMDF driver can change power policy ownership by calling WdfDeviceInitSetPowerPolicyOwnership. 0xE IRQL at which the event callback function was called. IRQL at which the event callback function returned. An event callback function did not return at the same IRQL at which it was called. The callback function changed the IRQL directly or indirectly (for example, by acquiring a spinlock, which raises IRQL to DISPATCH_LEVEL, but not releasing the spinlock). 0xF Address of an event callback function. Reserved An event callback function entered a critical region, but it did not leave the critical region before returning. If Parameter 1 is equal to 0x6, then a fatal error was made in handling a WDF request. In this case, Parameter 2 further specifies the type of fatal error that has been made, as defined by the enumeration WDF_REQUEST_FATAL_ERROR. Parameter 2 Parameter 3 Cause of Error 0x1 The address of the IRP No more I/O stack locations are available to format the underlying IRP. 0x2 The WDF request handle value An attempt was made to format a framework request object that did not contain an IRP. 0x3 The WDF request handle value The driver attempted to send a framework request that has already been sent to an I/O target. 0x4 A pointer to a WDR_REQUEST_FATAL_ERROR_INFORMATION_LENGTH_MISMATCH_DATA structure that contains a pointer to the IRP, a WDF request handle value, an IRP major function, and the number of bytes attempted to be written The driver has completed a framework request, but has written more bytes to the output buffer than are specified in the IRP. If Parameter 1 is equal to 0xB, then an attempt to acquire or release a lock was invalid. In this case, Parameter 3 further specifies the error that has been made. Parameter 2 Parameter 3 Cause of Error The handle value 0x0 A handle passed to WdfObjectAcquireLock or WdfObjectReleaseLock represents an object that does not support synchronization locks. A WDF spin lock handle 0x1 The spin lock is being released by a thread that did not acquire it. Cause See the description of each code in the Parameters section for an explanation of the cause. Resolution Typically, the dump file will yield further information on the driver that caused this bug check. If Parameter 1 is equal to 0x2, examine the caller's stack to determine the lock in question. If Parameter 1 is equal to 0x3, the driver's Kernel-Mode Driver Framework error log will include details about the outstanding references. If Parameter 1 is equal to 0x4, use the ln debugger command with the value of Parameter 3 as its argument to determine which function requires a non-NULL parameter. If Parameter 1 is equal to 0x7, use the !wdfkd.wdfhandleParameter 2 extension command to determine the handle type. If Parameter 1 is equal to 0xA, then the WDF_QUEUE_FATAL_ERROR_DATA structure will indicate either the problematic request or the queue handle. It will also indicate the NTSTATUS, if not STATUS_SUCCESS, when available. Bug Check 0x10E: VIDEO_MEMORY_MANAGEMENT_INTERNAL The VIDEO_MEMORY_MANAGEMENT_INTERNAL bug check has a value of 0x0000010E. This indicates that the video memory manager has encountered a condition that it is unable to recover from. Parameters The following parameters are displayed on the blue screen. Parameter 1 is the only parameter of interest; this identifies the exact violation. Values for Parameter 1 that do not appear in this table must be individually examined. Parameter 1 Cause of Error 0x1 An attempt was made to rotate a non-rotate range. 0x2 An attempt was made to destroy a non-empty process heap. 0x3 An attempt to unmap from an aperture segment failed. 0x4 A rotation in a must-succeed path failed. 0x5 A deferred command failed. 0x6 An attempt was made to reallocate resources for an allocation that was having its eviction canceled. 0x7 An invalid attempt was made to defer free usage. 0x8 The split direct memory access (DMA) buffer contains an invalid reference. 0x9 An attempt to evict an allocation failed. 0xA An invalid attempt to use a pinned allocation was made. 0xB A driver returned an invalid error code from BuildPagingBuffer. 0xC A resource leak was detected in a segment. 0xD A segment is being used improperly. 0xE An attempt to map an allocation into an aperture segment failed. 0xF A driver returned an invalid error code from AcquireSwizzlingRange. 0x10 A driver returned an invalid error code from ReleaseSwizzlingRange. 0x11 An invalid attempt to use an aperture segment was made. 0x12 A driver overflowed the provided DMA buffer. 0x13 A driver overflowed the provided private data buffer. 0x14 An attempt to purge all segments failed. 0x15 An attempt was made to free a virtual address descriptor (VAD) that was still in the rotated state 0x16 A driver broke the guaranteed DMA buffer model contract. 0x17 An unexpected system command failure occurred. 0x18 An attempt to release a pinned allocation's resource failed. 0x19 A driver failed to patch a DMA buffer. 0x1A The owner of a shared allocation was freed. 0x1B An attempt was made to release an aperture range that is still in use. 0x25 The GPU attempted to write over an undefined area of the aperture. Cause This bug check is usually caused by a video driver behaving improperly. Resolution If the problem persists, check Windows Update for an updated video driver. 
 Bug Check 0x10F: RESOURCE_MANAGER_EXCEPTION_NOT_HANDLED The RESOURCE_MANAGER_EXCEPTION_NOT_HANDLED bug check has a value of 0x0000010F. This indicates that the kernel transaction manager detected that a kernel-mode resource manager has raised an exception in response to a direct call-back. The resource manager is in an unexpected and unrecoverable state. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The address of the exception record 2 The address of the context record 3 The address of the exception code 4 The address of the resource manager 
 Bug Check 0x111: RECURSIVE_NMI The RECURSIVE_NMI bug check has a value of 0x00000111. This bug check indicates that a non-maskable-interrupt (NMI) occurred while a previous NMI was in progress. Remarks This bug check occurs when there is an error in the system management interrupt (SMI) code, and an SMI interrupts an NMI and enables interrupts. Execution then continues with NMIs enabled, and another NMI interrupts the NMI in progress. Bug Check 0x112: MSRPC_STATE_VIOLATION The MSRPC_STATE_VIOLATION bug check has a value of 0x00000112. This indicates that the Msrpc.sys driver has initiated a bug check. Parameters The following parameters are displayed on the blue screen. Parameters 1 and 2 are the only parameters of interest. Parameter 1 indicates the state violation type; the value for Parameter 2 is determined by the value of Parameter 1. Parameter 1 Parameter 2 Cause of Error 0x01 The exception code A non-continuable exception was continued by the caller. 0x02 The error The advanced local procedure call (ALPC) returned an invalid error. 0x03 The session to the server The caller unloaded the Microsoft remote procedure call (MSRPC) driver while it was still in use. It is likely that open binding handles remain. 0x04 and 0x05 The session to the server An invalid close command was received from the ALPC. 0x06 The binding handle An attempt was made to bind a remote procedure call (RPC) handle a second time. 0x07 The binding handle An attempt was made to perform an operation on a binding handle that was not bound. 0x08 The binding handle An attempt was made to set security information on a binding handle that was already bound. 0x09 The binding handle An attempt was made to set an option on a binding handle that was already bound. 0x0A The call object An attempt was made to cancel an invalid asynchronous remote procedure call. 0x0B The call object An attempt was made to push on an asynchronous pipe call when it was not expected. 0x0C and 0x0E The pipe object An attempt was made to push on an asynchronous pipe without waiting for notification. 0x0F The pipe object An attempt was made to synchronously terminate a pipe a second time. 0x15 The object closest to the error An RPC internal error occurred. 0x16 Reserved Two causally ordered calls were issued in an order that cannot be enforced by the RPC. 0x17 The call object A server manager routine did not unsubscribe from notifications prior to completing the call. 0x18 The async handle An invalid operation on the asynchronous handle occurred. Cause The most common cause of this bug check is that the caller of the Msrpc.sys driver violated the state semantics for such a call. Bug Check 0x113: VIDEO_DXGKRNL_FATAL_ERROR The VIDEO_DXGKRNL_FATAL_ERROR bug check has a value of 0x00000113. This indicates that the dxg kernel has detected a violation. This bug check appears very infrequently. 
 Bug Check 0x114: VIDEO_SHADOW_DRIVER_FATAL_ERROR The VIDEO_SHADOW_DRIVER_FATAL_ERROR bug check has a value of 0x00000114. This indicates that the shadow driver has detected a violation. This bug check appears very infrequently. Bug Check 0x115: AGP_INTERNAL The AGP_INTERNAL bug check has a value of 0x00000115. This indicates that the accelerated graphics port (AGP) driver has detected a violation. This bug check appears very infrequently. 
 Bug Check 0x116: VIDEO_TDR_ERROR The VIDEO_TDR_ ERROR bug check has a value of 0x00000116. This indicates that an attempt to reset the display driver and recover from a timeout failed. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The pointer to the internal TDR recovery context, if available. 2 A pointer into the responsible device driver module (for example, the owner tag). 3 The error code of the last failed operation, if available. 4 Reserved. Bug Check 0x117: VIDEO_TDR_TIMEOUT_DETECTED The VIDEO_TDR_TIMEOUT_DETECTED bug check has a value of 0x00000117. This indicates that the display driver failed to respond in a timely fashion. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The pointer to the internal TDR recovery context, if available. 2 A pointer into the responsible device driver module (for example, the owner tag). 3 The secondary driver-specific bucketing key. 4 Reserved. 
 Bug Check 0x119: VIDEO_SCHEDULER_INTERNAL_ERROR The VIDEO_SCHEDULER_INTERNAL_ERROR bug check has a value of 0x00000119. This indicates that the video scheduler has detected a fatal violation. Parameters The following parameters are displayed on the blue screen. Parameter 1 is the only parameter of interest and identifies the exact violation. Parameter 1 Cause of Error 0x1 The driver has reported an invalid fence ID. 0x2 The driver failed upon the submission of a command. 0x3 The driver failed upon patching the command buffer. 0x4 The driver reported an invalid flip capability. Bug Check 0x11A: EM_INITIALIZATION_FAILURE The EM_INITIALIZATION_FAILURE bug check has a value of 0x0000011A. This bug check appears very infrequently. 
 Bug Check 0x11B: DRIVER_RETURNED_HOLDING_CANCEL_LOCK The DRIVER_RETURNED_HOLDING_CANCEL_LOCK bug check has a value of 0x0000011B. This bug check indicates that a driver has returned from a cancel routine that holds the global cancel lock. This causes all later cancellation calls to fail, and results in either a deadlock or another bug check. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The address of the IRP that was canceled (might not be valid). 2 The address of the cancel routine. Remarks The cancel spin lock should have been released by the cancel routine. The driver calls the IoCancelIrpIoCancelIrp function to cancel an individual I/O request packet (IRP). This function acquires the cancel spin lock, sets the cancel flag in the IRP, and then calls the cancel routine specified by the appropriate field in the IRP, if a routine was specified. The cancel routine is expected to release the cancel spin lock. If there is no cancel routine, the cancel spin lock is released. 
 Bug Check 0x11C: ATTEMPTED_WRITE_TO_CM_PROTECTED_STORAGE The ATTEMPTED_WRITE_TO_CM_PROTECTED_STORAGE bug check has a value of 0x0000011C. This bug check indicates that an attempt was made to write to the read-only protected storage of the configuration manager. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Virtual address for the attempted write 2 PTE contents 3 Reserved 4 Reserved Remarks When it is possible, the name of the driver that is attempting the write operation is printed as a Unicode string on the bug check screen and then saved in KiBugCheckDriver. 
 Bug Check 0x11D: EVENT_TRACING_FATAL_ERROR The EVENT_TRACING_FATAL_ERROR bug check has a value of 0x0000011D. This bug check indicates that the Event Tracing subsystem has encountered an unexpected fatal error. Bug Check 0x121: DRIVER_VIOLATION The DRIVER_VIOLATION bug check has a value of 0x00000121. This bug check indicates that a driver has caused a violation. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Describes the type of violation 2 Reserved 3 Reserved Remarks Use a kernel debugger and view the call stack to determine the name of the driver that caused the violation. Bug Check 0x122: WHEA_INTERNAL_ERROR The WHEA_INTERNAL_ERROR bug check has a value of 0x00000122. This bug check indicates that an internal error in the Windows Hardware Error Architecture (WHEA) has occurred. Errors can result from a bug in the implementation of a platform-specific hardware error driver (PSHED) plug-in supplied by a vendor, the firmware implementation of error records, or the firmware implementation of error injection. Parameters Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of error 0x1 Size of memory Error source count 0 Failed to allocate enough memory for all the error sources in the hardware error source table. 0x2 Number of processors 0 0 Failed to allocate enough memory for a WHEA information block for each processor. 0x5 Status Phase (The initialization phase for the bug check) 0 WHEA failed to allocate enough memory for the error sources, or the error source enumeration failed. 0x6 Status Phase Error source type Failed to initialize the error source (Parameter 4) during the phase specified by Parameter 3. 0x7 Status 0 0 Failed to allocate enough memory. 0x8 Number of error sources 0 0 Failed to allocate enough memory for all the error source descriptors. 0x9 Error source type Source ID 0 WHEA received an uncorrected error source from an invalid error source. 0xA Error source type Source ID 0 Failed to allocate an error record for an uncorrected error. 0xB Error source type Source ID 0 Failed to populate the error record for an uncorrected error. If Parameter 1 is equal to 0x6, 0x9, 0xA, or 0xB, one of the other parameters contains the error source type. The following table gives possible values for the error source type. Value Description 0x00 Machine check exception 0x01 Corrected machine check 0x02 Corrected platform error 0x03 Non-maskable interrupt 0x04 PCI express error 0x05 Other types of error sources/Generic 0x06 IA64 INIT error source 0x07 BOOT error source 0x08 SCI-based generic error source 0x09 Itanium machine check abort 0x0A Itanium machine check 0x0B Itanium corrected platform error 
 Bug Check 0x124: WHEA_UNCORRECTABLE_ERROR The WHEA_UNCORRECTABLE_ERROR bug check has a value of 0x00000124. This bug check indicates that a fatal hardware error has occurred. This bug check uses the error data that is provided by the Windows Hardware Error Architecture (WHEA). Parameters Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of error 0x0 Address of WHEA_ERROR_RECORD structure. High 32 bits of MCi_STATUS MSR for the MCA bank that had the error. Low 32 bits of MCi_STATUS MSR for the MCA bank that had the error. A machine check exception occurred. These parameter descriptions apply if the processor is based on the x64 architecture, or the x86 architecture that has the MCA feature available (for example, Intel Pentium Pro, Pentium IV, or Xeon). 0x1 Address of WHEA_ERROR_RECORD structure. Reserved. Reserved. A corrected machine check exception occurred. 0x2 Address of WHEA_ERROR_RECORD structure. Reserved. Reserved. A corrected platform error occurred. 0x3 Address of WHEA_ERROR_RECORD structure. Reserved. Reserved. A nonmaskable Interrupt (NMI) error occurred. 0x4 Address of WHEA_ERROR_RECORD structure. Reserved Reserved. An uncorrectable PCI Express error occurred. 0x5 Address of WHEA_ERROR_RECORD structure. Reserved. Reserved. A generic hardware error occurred. 0x6 Address of WHEA_ERROR_RECORD structure Reserved. Reserved. An initialization error occurred. 0x7 Address of WHEA_ERROR_RECORD structure. Reserved. Reserved. A BOOT error occurred. 0x8 Address of WHEA_ERROR_RECORD structure Reserved. Reserved. A Scalable Coherent Interface (SCI) generic error occurred. 0x9 Address of WHEA_ERROR_RECORD structure. Length, in bytes, of the SAL log. Address of the SAL log. An uncorrectable Itanium-based machine check abort error occurred. 0xA Address of WHEA_ERROR_RECORD structure Reserved. Reserved. A corrected Itanium-based machine check error occurred. 0xB Address of WHEA_ERROR_RECORD structure. Reserved. Reserved. A corrected Itanium platform error occurred. Remarks Parameter 1 identifies the type of error source that reported the error. Parameter 2 holds the address of the WHEA_ERROR_RECORD structure that describes the error condition. For information about WHEA, see Windows Hardware Error Architecture Design Guide within the WDK documentation . Note This bug check is not supported in Windows versions prior to Windows Vista. Instead, machine check exceptions are reported through bug check 0x9C. Bug Check 0x127: PAGE_NOT_ZERO The PAGE_NOT_ZERO bug check has a value of 0x00000127. This bug check indicates that a page that should have been filled with zeros was not. This bug check might occur because of a hardware error or because a privileged component of the operating system modified a page after freeing it. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Virtual address that maps the corrupted page 2 Physical page number 3 Zero (Reserved) 4 Zero (Reserved) Bug Check 0x12B: FAULTY_HARDWARE_CORRUPTED_PAGE The FAULTY_HARDWARE_CORRUPTED_PAGE bug check has a value of 0x00000128. This bug check indicates that a single-bit error was found in this page. This is a hardware memory error. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Virtual address maps to the corrupted page 2 Physical page number 3 Zero (Reserved) 4 Zero (Reserved) 
 Bug Check 0x12C: EXFAT_FILE_SYSTEM The EXFAT_FILE_SYSTEM bug check has a value of 0x0000012C. This bug check indicates that a problem occurred in the Extended File Allocation Table (exFAT) file system. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Specifies source file and line number information. The high 16 bits (the first four hexadecimal digits after the "0x") determine the source file by its identifier number. The low 16 bits determine the source line in the file where the bug check occurred. 2 If FppExceptionFilter is on the stack, this parameter specifies the address of the exception record. 3 If FppExceptionFilter is on the stack, this parameter specifies the address of the context record. 4 Reserved. Cause This bug check is caused by the file system as a last resort when its internal accounting is in an unsupportable state and to continue poses a large risk of data loss. The file system never causes this bug check when the on disk structures are corrupted, the disk sectors go bad, or a memory allocation fails. Bad sectors could lead to a bug check, for example, when a page fault occurs in kernel code or data and the memory manager cannot read the pages. However, for this bug check, the file system is not the cause. Resolution To debug this problem: Use the .cxr (Display Context Record) command together with Parameter 3, and then use kb (Display Stack Backtrace). 
 Bug Check 0x133 DPC_WATCHDOG_VIOLATION The DPC_WATCHDOG_VIOLATION bug check has a value of 0x00000133. This bug check indicates that the DPC watchdog executed, either because it detected a single long-running deferred procedure call (DPC), or because the system spent a prolonged time at an interrupt request level (IRQL) of DISPATCH_LEVEL or above. The value of Parameter 1 indicates whether a single DPC exceeded a timeout, or whether the system cumulatively spent an extended period of time at IRQL DISPATCH_LEVEL or above. Parameters The following parameters are displayed on the blue screen. Parameter 1 indicates the type of violation. The meaning of the other parameters depends on the value of Parameter 1. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 0 The DPC time count (in ticks) The DPC time allotment (in ticks). Reserved A single DPC or ISR exceeded its time allotment. The offending component can usually be identified with a stack trace. 1 The watchdog period Reserved Reserved The system cumulatively spent an extended period of time at IRQL DISPATCH_LEVEL or above. The offending component can usually be identified with a stack trace. 
 Bug Check 0x138 GPIO_CONTROLLER_DRIVER_ERROR The GPIO_CONTROLLER_DRIVER_ERROR bug check has a value of 0x00000138. This bug check indicates that the GPIO class extension driver encountered a fatal error. Parameters The following parameters are displayed on the blue screen. Parameter 1 indicates the type of violation. The meaning of the other parameters depends on the value of Parameter 1. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 1 GSIV Reserved Reserved The GPIO controller managing the specific GSIV is not registered. 2 Context value Reserved Reserved A client driver specified an invalid context to a lock or unlock request. 3 Indicates whether a critical transition is being requested. Indicates whether the bank is already in F1 due to a non-critical transition. Indicates whether the bank is already in F1 due to a critical transition. PoFx requested that the GPIO controller send a bank through an inappropriate F1 power state and/or a critical transition. 4 Indicates whether a critical transition is being requested. Indicates whether the bank is in F1 due to a non-critical transition. Indicates whether the bank is in F1 due to a critical transition. PoFx requested that the GPIO controller send a bank through an inappropriate F0 power state and/or a critical transition. 5 NTSTATUS GPIO device extension GPIO interrupt parameters An on-Soc GPIO interrupt operation failed. 6 NTSTATUS GPIO device extension GPIO IO parameters An on-Soc GPIO IO operation failed. 7 Revision ID Function Index Reserved A _DSM method returned malformed data. 
 Bug Check 0x139 KERNEL_SECURITY_CHECK_FAILURE The KERNEL_SECURITY_CHECK_FAILURE bug check has a value of 0x00000139. This bug check indicates that the kernel has detected the corruption of a critical data structure. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The type of corruption. For more information, see the following table. 2 Address of the trap frame for the exception that caused the bug check 3 Address of the exception record for the exception that caused the bug check 4 Reserved The following table describes possible values for Parameter 1. Parameter 1 Description 0 A stack-based buffer has been overrun (legacy /GS violation). 1 VTGuard instrumentation code detected an attempt to use an illegal virtual function table. Typically, a C++ object was corrupted, and then a virtual method call was attempted using the corrupted object's this pointer. 2 Stack cookie instrumentation code detected a stack-based buffer overrun (/GS violation). 3 A LIST_ENTRY was corrupted (for example, a double remove). For more information, see the following Cause section. 4 Reserved 5 An invalid parameter was passed to a function that considers invalid parameters fatal. 6 The stack cookie security cookie was not properly initialized by the loader. This may be caused by building a driver to run only on Windows 8 and attempting to load the driver image on an earlier version of Windows. To avoid this problem, you must build the driver to run on an earlier version of Windows. 7 A fatal program exit was requested. 8 A array bounds check inserted by the compiler detected an illegal array indexing operation. 9 A call to RtlQueryRegistryValues was made specifying RTL_QUERY_REGISTRY_DIRECT without RTL_QUERY_REGISTRY_TYPECHECK, and the target value was not in a trusted system hive. Cause Most causes of this bug check tend to be self explanatory and easy to diagnose. One exception is code 3, LIST_ENTRY corruption. This type of bug check can be difficult to track down and indicates that an inconsistency has been introduced into a doubly-linked list (detected when an individual list entry element is added to or removed from the list). Unfortunately, the inconsistency is not necessarily detected at the time when the corruption occurred, so some detective work may be necessary to identify the root cause. Common causes of list entry corruption include: A driver has corrupted a kernel synchronization object, such as a KEVENT (for example double initializing a KEVENT while a thread was still waiting on that same KEVENT, or allowing a stack-based KEVENT to go out of scope while another thread was using that KEVENT). This type of bug check typically occurs in nt!Ke* or nt!Ki* code. It can happen when a thread finishes waiting on a synchronization object or when code attempts to put a synchronization object in the signaled state. Usually, the synchronization object being signaled is the one that has been corrupted. Sometimes, Driver Verifier with special pool can help track down the culprit (if the corrupted synchronization object is in a pool block that has already been freed). A driver has corrupted a periodic KTIMER. This type of bug check typically occurs in nt!Ke* or nt!Ki* code and involves signaling a timer, or inserting or removing a timer from a timer table. The timer being manipulated may be the corrupted one, but it might be necessary to inspect the timer table with !timer (or manually walking the timer list links) to identify which timer has been corrupted. Sometimes, Driver Verifier with special pool can help track down the culprit (if the corrupted KTIMER is in a pool block that has already been freed). A driver has mismanaged an internal LIST_ENTRY-style linked list. A typical example would be calling RemoveEntryList twice on the same list entry without reinserting the list entry between the two RemoveEntryList calls. Other variations are possible, such as double inserting an entry into the same list. A driver has freed a data structure that contains a LIST_ENTRY without removing the data structure from its corresponding list, causing corruption to be detected later when the list is examined after the old pool block has been reused. A driver has used a LIST_ENTRY-style list in a concurrent fashion without proper synchronization, resulting in a torn update to the list. In most cases, you can identify the corrupted data structure by walking the linked list both forward and backwards (the dl and dlb commands are useful for this purpose) and comparing the results. Where the list is inconsistent between a forward and backward walk is typically the location of the corruption. Since a linked list update operation can modify the list links of a neighboring element, you should look at the neighbors of a corrupted list entry closely, as they may be the underlying culprit. Because many system components internally utilize LIST_ENTRY lists, various types of resource mismanagement by a driver using system APIs might cause linked list corruption in a system-managed linked list. 
 Bug Check 0x144: BUGCODE_USB3_DRIVER The BUGCODE_USB3_DRIVER bug check has a value of 0x00000144. This is the code used for all USB 3 bug checks. Parameter 1 specifies the type of the USB 3 bug check, and the meanings of the other parameters are dependent on Parameter 1. Parameters The following parameters are displayed on the blue screen. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of error 0x1 Optional. Pointer to the IRP used to resend the URB Pointer to the URB Pointer to the client driver's device object A client driver used an URB that it had previously sent to the core stack. 0x2 Pointer to the physical device object (PDO) for the boot device Reserved Reserved A boot or paging device failed re-enumeration. 0x3 Optional. Pointer to the IRP used to send the URB Pointer to the corrupted URB Pointer to the client driver's device object A client driver sent a corrupted URB to the core stack. This can happen because the client driver did not allocate the URB using USBD_xxxUrbAllocate or because the client driver did a buffer underrun for the URB. 0x800 IRQL at which the Open Static Streams request was sent Pointer to the Open Static Streams IRP Pointer to the client driver's device object An Open Static Streams request was sent at IRQL > PASSIVE LEVEL. 0x801 Pointer to the Open Static Streams IRP Pointer to the Open Static Streams URB Pointer to the client driver's device object A client driver attempted to open static streams before querying for streams capability. A client driver cannot open a static stream until after it successfully queries for the streams capability. For more information, see Remarks. 0x802 Number of static streams that the client driver tried to open Number of static streams that were granted to the client driver Pointer to the client driver's device object A Client driver tried to open an invalid number of static streams. The number of streams cannot be 0 and cannot be greater than the value returned to the client driver in the query USB capability call. 0x803 Pointer to the Open Static Streams IRP Pointer to the Open Static Streams URB Pointer to the client driver's device object A client driver attempted to open static streams for an endpoint that already had static streams open. Before opening static streams, the client driver must close the previously opened static streams. 0x804 The leaked handle context. Run !usbanalyze -v to get information about the leaked handle and URBs. You must enable Driver Verifier for the client driver. Device object passed to USBD_CreateHandle. Reserved A client driver forgot to close a handle it created earlier using USBD_CreateHandle or forgot to free an URB it allocated. 0x805 WDFREQUEST handle for the Close Static Streams URB Pointer to the Close Static Streams URB Pointer to the client driver's device object A client driver sent a Close Static Streams URB in an invalid state (for example, after processing D0 Exit). 0x806 Pointer to the IRP Pointer to the URB Pointer to the client driver's device object A client driver attempted to send a chained MDL before querying for chained MDL capability. A client driver cannot send a chained MDL until after it successfully queries for the chained MDL capability. For more information, see Remarks. 0x807 Pointer to the chained MDL Pointer to the URB Pointer to the client driver's device object if available A client driver sent an URB to the core stack with a transfer buffer length longer than the byte count (returned by MmGetMdlByteCount) of the MDL passed in. For more information, see Remarks. Remarks To query for a USB capability, the client driver must call WdfUsbTargetDeviceQueryUsbCapability or USBD_QueryUsbCapability To send a chained MDL, the client driver must call USBD_QueryUsbCapability and use URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER_USING_CHAINED_MDL or URB_FUNCTION_ISOCH_TRANSFER_USING_CHAINED_MDL. 
 Bug Check 0x14B: SOC_SUBSYSTEM_FAILURE The SOC_SUBSYSTEM_FAILURE bug check has a value of 0x0000014B. This indicates that an unrecoverable error was encountered in a System on a Chip (SoC) subsystem. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Specifies the subsystem that caused the failure. 0: Wireless modem 1: Audio DSP 2: Wireless connectivity 3: Sensors 2 Reserved. 3 Reserved. 4 Reserved.   Requirements Minimum supported client Windows 8 Minimum supported server Windows Server 2012 
 Bug Check 0x15D SOC_SUBSYSTEM_FAILURE_LIVEDUMP The SOC_SUBSYSTEM_FAILURE_LIVEDUMP bug code has a value of 0x0000015D. This indicates that a System on a Chip (SoC) subsystem has experienced a critical fault and has captured a live kernel dump. The SoC subsystem does not generate a bug check in this situation. Parameters Parameter Description 1 Address of an SOC_SUBSYSTEM_FAILURE_DETAILS structure. 2 Reserved. 3 Reserved. 4 Optional. Address of a vendor-supplied data block.   Requirements Minimum supported client Windows 8 Minimum supported server Windows Server 2012 
 Bug Check 0x15E BUGCODE_NDIS_DRIVER_LIVE_DUMP The BUGCODE_NDIS_DRIVER_LIVE_DUMP bug code has a value of 0x0000015E. This bug code indicates that NDIS has captured a live kernel dump. NDIS does not generate a bug check in this situation. Parameters Parameter 1 is always equal to 0x01. This table gives the meanings of the other parameters. Parameter 1 Parameter 2 Parameter 3 Parameter 4 Cause of Error 0x01 Handle to the miniport adapter or filter module. Use !ndiskd.miniport or !ndiskd.filter. Address of the physical device object (PDO) of the miniport A code that indicates the reason for the error. See Cause for possible values. The miniport has experienced a fatal error and must be removed. Cause When Parameter 1 is 0x01, Parameter 4 indicates the cause of the error. Here are the possible values: 70: Caused by user mode 71: Caused by NdisMRemoveMiniport 72: Caused by NdisIMInitializeDeviceInstanceEx failing 73: Caused by MiniportRestart failing 74: Caused by failing a OID_PNP_SET_POWER (D0) request 75: Caused by failing a OID_PNP_SET_POWER (Dx) request Remarks This bug code occurs only in Windows 8.1 Preview and later versions of Windows. 
 Bug Check 0x1000007E: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M The SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M bug check has a value of 0x1000007E. This indicates that a system thread generated an exception which the error handler did not catch. 
 Bug check 0x1000007E has the same meaning and parameters as bug check 0x7E (SYSTEM_THREAD_EXCEPTION_NOT_HANDLED). 
 Bug Check 0x1000007F: UNEXPECTED_KERNEL_MODE_TRAP_M The UNEXPECTED_KERNEL_MODE_TRAP_M bug check has a value of 0x1000007F. This indicates that a trap was generated by the Intel CPU and the kernel failed to catch this trap. Bug check 0x1000007F has the same meaning and parameters as bug check 0x7F (UNEXPECTED_KERNEL_MODE_TRAP). 
 Bug Check 0x1000008E: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M The KERNEL_MODE_EXCEPTION_NOT_HANDLED_M bug check has a value of 0x1000008E. This indicates that a kernel-mode program generated an exception which the error handler did not catch. Bug check 0x1000008E has the same meaning and parameters as bug check 0x8E (KERNEL_MODE_EXCEPTION_NOT_HANDLED). 
 Bug Check 0x100000EA: THREAD_STUCK_IN_DEVICE_DRIVER_M The THREAD_STUCK_IN_DEVICE_DRIVER_M bug check has a value of 0x100000EA. This indicates that a thread in a device driver is endlessly spinning. Bug check 0x100000EA has the same meaning and parameters as bug check 0xEA (THREAD_STUCK_IN_DEVICE_DRIVER). 
 Bug Check 0xC0000218: STATUS_CANNOT_LOAD_REGISTRY_FILE The STATUS_CANNOT_LOAD_REGISTRY_FILE bug check has a value of 0xC0000218. This indicates that a registry file could not be loaded. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 Address of the name of the registry hive that could not be loaded. 2 Zero (Reserved) 3 Zero (Reserved) 4 Zero (Reserved) This bug check displays a descriptive text message. The name of the damaged file is displayed as part of the message. Cause This error occurs if a necessary registry hive file cannot be loaded. Usually this means the file is corrupt or is missing. In rare instances, this error can be caused by a driver that has corrupted the registry image in memory, or by a memory error in this region. Resolution Try using the the startup recovery mechanism (for example Startup Repair, Recovery Console, or Emergency Recovery Disk) provided by the operating system. If the problem is a missing or corrupt registry file, that usually fixes the problem. 
 Bug Check 0xC000021A: STATUS_SYSTEM_PROCESS_TERMINATED The STATUS_SYSTEM_PROCESS_TERMINATED bug check has a value of 0xC000021A. This means that an error has occurred in a crucial user-mode subsystem. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 A string that identifies the problem 2 The error code 3 Reserved 4 Reserved Cause This error occurs when a user-mode subsystem, such as WinLogon or the Client Server Run-Time Subsystem (CSRSS), has been fatally compromised and security can no longer be guaranteed. In response, the operating system switches to kernel mode. Microsoft Windows cannot run without WinLogon or CSRSS. Therefore, this is one of the few cases where the failure of a user-mode service can shut down the system. Mismatched system files can also cause this error. This can occur if you have restored your hard disk from a backup. Some backup programs might skip restoring system files that they determine are in use. Resolution Running the kernel debugger is not useful in this situation because the actual error occurred in a user-mode process. Resolving an error in a user-mode device driver, system service, or third-party application: Because bug check 0xC000021A occurs in a user-mode process, the most common culprits are third-party applications. If the error occurred after the installation of a new or updated device driver, system service, or third-party application, the new software should be removed or disabled. Contact the manufacturer of the software about a possible update. If the error occurs during system startup, restart your computer, and press F8 at the character-based menu that displays the operating system choices. At the resulting Windows Advanced Options menu, choose the Last Known Good Configuration option. This option is most effective when only one driver or service is added at a time. If this does not resolve the error, try manually removing the offending software. If the system partition is formatted with file allocation table (FAT), use an MS-DOS startup disk to gain access to the computer's hard disk. If the system partition is formatted with NTFS file system, you might be able to use Safe Mode to rename or delete the faulty software. If the faulty software is used as part of the system startup process in Safe Mode, you need to start the computer using the Recovery Console in order to access the file. If a newly installed piece if hardware is suspected, remove it to see if this resolves the issue. Try running the Emergency Recovery Disk (ERD) and allow the system to repair any errors that it detects. Resolving a mismatched system file problem: If you have recently restored your hard disk from a backup, check if there is an updated version of the Backup/Restore program available from the manufacturer. Make sure the latest Windows Service Pack is installed. 
 Bug Check 0xC0000221: STATUS_IMAGE_CHECKSUM_MISMATCH The STATUS_IMAGE_CHECKSUM_MISMATCH bug check has a value of 0xC0000221. This indicates that a driver or a system DLL has been corrupted. Parameters This bug check will display a descriptive text message. The name of the damaged file is displayed as part of the message. Cause This bug check results from a serious error in a driver or other system file. The file header checksum does not match the expected checksum. This can also be caused by faulty hardware in the I/O path to the file (a disk error, faulty RAM, or a corrupted page file). Resolution To remedy this error, run the Emergency Recovery Disk (ERD) and allow the system to repair or replace the missing or damaged driver file on the system partition. You can also run an in-place upgrade over the existing copy of Windows. This preserves all registry settings and configuration information, but replaces all system files. If any Service Packs and/or hotfixes had previously been applied, you need to reinstall them afterward in the appropriate order (latest Service Pack, then any post-Service Pack hotfixes in the order in which they were originally installed, if applicable). If a specific file was identified in the bug check message as being corrupted, you can try replacing that individual file manually. If the system partition is formatted with FAT, you can start from an MS-DOS startup disk and copy the file from the original source onto the hard disk. If you have a dual-boot machine, you can boot to your other operating system and replace the file. If you want to replace the file on a single-boot system with an NTFS partition, you need to restart the system, press F8 at the operating system Loader menu, and choose Safe Mode with Command Prompt. From there, copy a fresh version of the file from the original source onto the hard disk. If the file is used as part of the system startup process in Safe Mode, you need to start the computer using the Recovery Console in order to access the file. If these methods fail, try reinstalling Windows and then restoring the system from a backup. Note If the original file from the product CD has a filename extension ending in an _ (underscore), the file needs to be uncompressed before it can be used. The Recovery Console's Copy command automatically detects compressed files and expands them as they are copied to the target location. If you are using Safe Mode to access a drive, use the Expand command to uncompress and copy the file to the target folder. You can use the Expand command in the command line environment of Safe Mode. Resolving a disk error problem: Disk errors can be a source of file corruption. Run Chkdsk /f /r to detect and resolve any file system structural corruption. You must restart the system before the disk scan begins on a system partition. Resolving a RAM problem: If the error occurred immediately after RAM was added to the system, the paging file might be corrupted or the new RAM itself might be either faulty or incompatible. To determine if newly added RAM is causing a bug check Return the system to the original RAM configuration. Use the Recovery Console to access the partition containing the paging file and delete the file pagefile.sys. While still in the Recovery Console, run Chkdsk /r on the partition that contained the paging file. Restart the system. Set the paging file to an optimal level for the amount of RAM added. Shutdown the system and add your RAM. The new RAM must meet the system manufacturer's specifications for speed, parity, and type (that is, fast page-mode (FPM) versus extended data out (EDO) versus synchronous dynamic random access memory (SDRAM)). Try to match the new RAM to the existing installed RAM as closely as possible. RAM can come in many different capacities, and more importantly, in different formats (single inline memory modules -- SIMM -- or dual inline memory modules -- DIMM). The electrical contacts can be either gold or tin and it is not wise to mix these contact types. If you experience the same error message after reinstalling the new RAM, run hardware diagnostics supplied by the system manufacturer, especially the memory scanner. For details on these procedures, see the owner's manual for your computer. When you can log on to the system again, check the System Log in Event Viewer for additional error messages that might help pinpoint the device or driver that is causing the error. Disabling memory caching of the BIOS might also resolve this error. 
 Bug Check 0xDEADDEAD: MANUALLY_INITIATED_CRASH1 The MANUALLY_INITIATED_CRASH1 bug check has a value of 0xDEADDEAD. This indicates that the user deliberately initiated a crash dump from either the kernel debugger or the keyboard. Parameters None Remarks For details on manually-initiated crash dumps, see Forcing a System Crash.
--

注目の投稿

Shadowserver Foundation http://65.49.1.117/

Shadowserver Foundation port 14491 discarded for LINK-FRMWRK: NO ENTRY IN LOOKUP TABLE TO COMPLETE OPERATION, GigaEthernet2.0 Wistron Neweb ...

人気の投稿